
What is the Difference Between Account Logon and Logon/Logoff Events?

Commissioned by:

2009 Monterey Technology Group Inc.

Ultimate Windows Security.com

Brought to you by

Speaker
Isaac Thompson Director of Engineering and Training
2009 Monterey Technology Group Inc.


Preview of key points

- Authentication vs. Logon
- Local accounts vs. domain accounts
- Understanding Account Logon events and Logon/Logoff events
- Which should you use?


Logons

2 kinds of accounts
- Local computer SAM accounts
- AD domain accounts


Logons

2 kinds of logons
- Interactive
- Network (aka remote)

Credentials are entered once, but there is a separate logon for each computer accessed; the workstation remembers the credentials for each computer accessed.

Example: mapping a drive is a network logon.


Specifying local or domain logons

- Domain
- Local SAM


Syntax for specifying a local or domain logon:

[computer or domain name\]username


Logon vs. Authentication

Separate and distinct:

Logon: the computer where the account gains access to objects and can run programs

Authentication: the computer that checks the account's credentials


Logon vs. Authentication

Same computer for both:
- Workstation or member server where the user logs on with a local SAM account
- User logs on to the domain controller itself

Different computers:
- User logs onto a workstation or member server with a domain account


2 Audit policy/security log categories

- Logon events
- Authentication events

2 Audit policy/security log categories

Authentication vs. Logons

Logon/logoff events
- Logged whenever an account logs onto the computer
- Interactive, network, batch, service, terminal services

Account logon events
- Logged only when the local computer authenticates the account
- Domain controllers: all domain account logons
- Member servers and workstations: only local SAM accounts

Tracking authentication activity

- Enable the "Audit account logon events" audit policy
- Monitor the security log for the Account Logon category

Domain accounts: on each domain controller

Local accounts: on each workstation and server


User logs on with a domain account (diagram)

- Logon/logoff events logged
- Account Logon events logged
- Logon/logoff events logged


User logs on with local SAM accounts (diagram)

- Logon/logoff & Account Logon events logged


Interesting point

The Logon/Logoff category on a domain controller does not log failed logons occurring on workstations or member servers, even though the user is a domain account.


Bottom Line

Which should you use?

Domain Controllers
- Enable Account Logon for success and failure to provide a complete audit trail of all domain account authentication activity and of the computers accessed by each domain account

What about Logon/Logoff on domain controllers?
- Provides a better audit trail of remote desktop and console logons
- Generates lots of worthless network logon/logoff events every time each computer applies group policy
- Consider enabling it only for failed events, to identify attempts to break into the DC itself


Bottom Line

Which should you use?

Member Servers
- Enable Logon/Logoff for a complete audit trail of every attempt to access that computer, whether by a local or domain account
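As an added example (not from the presentation or Monterey Technology Group), the following PowerShell script applies the per-role recommendations above with auditpol.exe and then counts a day's worth of the resulting Account Logon and Logon/Logoff events. It assumes Windows Vista/Server 2008 or later, an elevated shell, and the Vista-era event IDs (4624, 4625, 4768, 4771, 4776), none of which the deck itself states.

```powershell
# Added example, not the presentation's own code. Assumes Vista/2008+ auditpol
# subcategories and an elevated prompt. Role selects which recommendation applies.
param(
    [ValidateSet('DomainController', 'MemberServer')]
    [string]$Role = 'MemberServer'
)

function Set-AuditCategory {
    param([string]$Category, [string]$Success, [string]$Failure)
    # auditpol /set on a category applies the setting to all of its subcategories.
    & auditpol.exe /set "/category:$Category" "/success:$Success" "/failure:$Failure" | Out-Null
}

switch ($Role) {
    'DomainController' {
        # Account Logon for success and failure: every domain account
        # authentication, and therefore which computers each account accessed.
        Set-AuditCategory -Category 'Account Logon' -Success enable -Failure enable
        # Logon/Logoff for failures only: console/RDP break-in attempts on the DC,
        # without a network logon event each time a machine applies group policy.
        Set-AuditCategory -Category 'Logon/Logoff' -Success disable -Failure enable
    }
    'MemberServer' {
        # Logon/Logoff for success and failure: every attempt to access this
        # computer, local or domain account alike. Account Logon here only
        # covers local SAM accounts, so it is left unchanged.
        Set-AuditCategory -Category 'Logon/Logoff' -Success enable -Failure enable
    }
}

# Show the effective policy for both categories.
auditpol.exe /get "/category:Account Logon"
auditpol.exe /get "/category:Logon/Logoff"

# Count the last 24 hours of events (IDs are Vista+ assumptions):
# 4624/4625 = logon success/failure (Logon/Logoff category);
# 4776 = NTLM credential validation, 4768/4771 = Kerberos TGT request /
# pre-authentication failure (Account Logon category, meaningful on a DC).
$ids = if ($Role -eq 'DomainController') { 4776, 4768, 4771, 4625 } else { 4624, 4625 }
Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = $ids
        StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
```

A DC that shows many 4771/4776 events but no 4625 is exactly the "Interesting point" above: failed domain logons at workstations surface only in the DC's Account Logon category, not its Logon/Logoff category.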


Want to Learn More?

Windows Security Log
- Attend Security Log Secrets training, Los Angeles, January 2010: www.ultimatewindowssecurity.com/redir.aspx?name=sls2010
- Get the Windows Security Log Resource Kit: www.ultimateWindowsSecurity.com/grok

EventTracker
- slafferty@prismmicrosys.com
- www.prismmicrosys.com/
