lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: full-disclosure at (Bill Royds)
Subject: Windows 2000 Logout events are not monitored!

The logout even is event number 540 in security log. All the Win2K I manage
have these entries for every logout. Check your security policy to ensure
that you are recording them.
There are in Local Security Policy MMS under Local Policies/Audit
Events/{Audit account logon events,Audit logon events}. YOu want both
success and failure to caputre a successful logoff.

----- Original Message ----- 
From: "Darren Bennett" <>
To: "Full Disclosure" <>
Sent: Monday, November 10, 2003 12:42 PM
Subject: [Full-Disclosure] Windows 2000 Logout events are not monitored!

: It's possible this has been on the list before but I'm going to check
: anyway. With windows 2000 (server is the platform I have tested), when
: auditing of login/logout events is enabled, only login events are
: recorded. This appears to be a bug with Windows. I have tried applying a
: patch from Microsoft that is supposed to fix this and the patch didn't
: work. Anyone else seen this behavior? Any suggestions on how I could
: record logout events without relying on MS?
: -Thanks,
: Darren
: -----------------------------------------------
: Darren Bennett - CISSP
: Sr. Systems Administrator/Manager
: Science Applications International Corporation
: Advanced Systems Development and Integration
: -----------------------------------------------
: _______________________________________________
: Full-Disclosure - We believe in it.
: Charter:

Powered by blists - more mailing lists