WinSecWiki
Newsletter
Security Log Central
Blog
Ask Randy
IT Audit & Compliance
Article Library
Security Bulletins
Encyclopedia
Audit and Assessment of Active Directory
Complete Windows Security
Security Log Secrets
Total Vista Lockdown
Why Us?
Randy Franklin Smith
Monterey Technology Group
Contact Us
Site Map
>
Ultimate Windows Security Site Map
Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface
UWS Site Map
Home Resources Newsletter Recent Archive Security Log Central Training Security Log Software Reference Chart eBook Encyclopedia Consulting Randy Franklin Smith Ask Randy Blog Archive Ask Randy I.T. Audit & Compliance ITACCS Newsletter Audit Programs Blog: Windows Security, Et al Training Audit Services Windows And Active Directory IT Audit Services Application Development Reviews Comprehensive Information Security Reviews Article Library Most Recent By Year By Subject Security Bulletin Encyclopedia Software Bit Locker Training Security Log Secrets Benefits Interact Learn Topics FAQ Options On - Site Computer - Based Training Request Register Complete Windows Security Benefits Learn Agenda FAQ Onsite Request Register Total Vista Lock down Benefits Features Discussions Implementing Manageability Vectors Options Auditor Training Why Us? eStore Books Interactive Multi-Media Training Current Order Your Account Security Log Central Training Benefits Interact Learn Topics FAQ Options On - Site Computer - Based Training Request Register Security Log Software Event Tracker GFI LANGuard LogCaster LogRhythm FileAudit Reference Chart eBook Encyclopedia Consulting Randy Franklin Smith Ask Randy About Us Randy Franklin Smith Ultimate Windows Security Monterey Tech Group, Inc. Site Map Wiki Access this computer from the network Account lockout duration Account Lockout Policy Account lockout threshold Account Policies Accounts: Administrator account status Accounts: Guest account status Accounts: Limit local account use of blank passwords Accounts: Rename administrator account Accounts: Rename guest account Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Admin equivalent rights Allow log on locally Allow logon through Terminal Services Audit account logon events Audit account management Audit Categories For Vista and Windows Server 2008 Audit Category: Account Lockout (Vista and Windows Server 2008) Audit Category: Account Logon (Vista and Windows Server 2008) Audit Category: Account Logon (XP, 2000 and 2003) Audit Category: Account Management (Vista and Windows Server 2008) Audit Category: Account Management (XP, 2000 and 2003) Audit Category: Application Generated (Vista and Windows Server 2008) Audit Category: Application Group Management (Vista and Windows Server 2008) Audit Category: Audit Policy Change (Vista and Windows Server 2008) Audit Category: Authentication Policy Change (Vista and Windows Server 2008) Audit Category: Authorization Policy Change (Vista and Windows Server 2008) Audit Category: Certification Services (Vista and Windows Server 2008) Audit Category: Computer Account Management (Vista and Windows Server 2008) Audit Category: Detailed Directory Service Replication (Vista and Windows Server 2008) Audit Category: Detailed Tracking (Vista and Windows Server 2008) Audit Category: Detailed Tracking (XP, 2000 and 2003) Audit Category: Directory Service (XP, 2000 and 2003) Audit Category: Directory Service Access (Vista and Windows Server 2008) Audit Category: Directory Service Changes (Vista and Windows Server 2008) Audit Category: Directory Service Replication (Vista and Windows Server 2008) Audit Category: Distribution Group Management (Vista and Windows Server 2008) Audit Category: DPAPI Activity (Vista and Windows Server 2008) Audit Category: DS Access (Vista and Windows Server 2008) Audit Category: Event processing (Eventlog source) (Vista and Windows Server 2008) Audit Category: File Share (Vista and Windows Server 2008) Audit Category: File System (Vista and Windows Server 2008) Audit Category: Filtering Platform Connection (Vista and Windows Server 2008) Audit Category: Filtering Platform Packet Drop (Vista and Windows Server 2008) Audit Category: Filtering Platform Policy Change (Vista and Windows Server 2008) Audit Category: Handle Manipulation (Vista and Windows Server 2008) Audit Category: IPsec Driver (Vista and Windows Server 2008) Audit Category: IPsec Extended Mode (Vista and Windows Server 2008) Audit Category: IPsec Main Mode (Vista and Windows Server 2008) Audit Category: IPsec Quick Mode (Vista and Windows Server 2008) Audit Category: Kerberos Authentication Service (Vista and Windows Server 2008) Audit Category: Kerberos Service Ticket Operations (Vista and Windows Server 2008) Audit Category: Kernel Object (Vista and Windows Server 2008) Audit Category: Log automatic backup (Eventlog source) (Vista and Windows Server 2008) Audit Category: Log clear (Eventlog source) (Vista and Windows Server 2008) Audit Category: Logoff (Vista and Windows Server 2008) Audit Category: Logon (Vista and Windows Server 2008) Audit Category: Logon/Logoff (Vista and Windows Server 2008) Audit Category: Logon/Logoff (XP, 2000 and 2003) Audit Category: MPSSVC Rule-Level Policy Change (Vista and Windows Server 2008) Audit Category: Network Policy Server (Vista and Windows Server 2008) Audit Category: Non Audit (Vista and Windows Server 2008) Audit Category: Non Sensitive Privilege Use (Vista and Windows Server 2008) Audit Category: Object Access (Vista and Windows Server 2008) Audit Category: Object Access (XP, 2000 and 2003) Audit Category: Other Account Logon Events (Vista and Windows Server 2008) Audit Category: Other Account Management Events (Vista and Windows Server 2008) Audit Category: Other Logon/Logoff Events (Vista and Windows Server 2008) Audit Category: Other Object Access Events (Vista and Windows Server 2008) Audit Category: Other Policy Change Events (Vista and Windows Server 2008) Audit Category: Other Privilege Use Events (Vista and Windows Server 2008) Audit Category: Other System Events (Vista and Windows Server 2008) Audit Category: Policy Change (Vista and Windows Server 2008) Audit Category: Policy Change (XP, 2000 and 2003) Audit Category: Privilege Use (Vista and Windows Server 2008) Audit Category: Privilege Use (XP, 2000 and 2003) Audit Category: Process Creation (Vista and Windows Server 2008) Audit Category: Process Termination (Vista and Windows Server 2008) Audit Category: Registry (Vista and Windows Server 2008) Audit Category: RPC Events (Vista and Windows Server 2008) Audit Category: SAM (Vista and Windows Server 2008) Audit Category: Security Group Management (Vista and Windows Server 2008) Audit Category: Security State Change (Vista and Windows Server 2008) Audit Category: Security System Extension (Vista and Windows Server 2008) Audit Category: Sensitive Privilege Use (Vista and Windows Server 2008) Audit Category: Service shutdown (Eventlog source) (Vista and Windows Server 2008) Audit Category: Special Logon (Vista and Windows Server 2008) Audit Category: Subcategory could not be determined (Vista and Windows Server 2008) Audit Category: System (Vista and Windows Server 2008) Audit Category: System Events (XP, 2000 and 2003) Audit Category: System Integrity (Vista and Windows Server 2008) Audit Category: User Account Management (Vista and Windows Server 2008) Audit directory service access Audit logon events Audit object access Audit Policy Audit policy change Audit privilege use Audit process tracking Audit Subcategory: Credential Validation Audit system events Audit: Audit the use of Backup and Restore privilege Audit: Audit the use of global system objects Audit: Shut down system immediately if unable to log security audits Auditpol Back up files and directories Bypass traverse checking Change the system time Create a pagefile Create a token object Create global objects Create permanent shared objects DCOM: Machine Access Restrictions In Security Descriptor Definition Language (SDDL) syntax DCOM: Machine Launch Restrictions In Security Descriptor Definition Language (SDDL) syntax Debug programs Deny access to this computer from the network Deny logon as a batch job Deny logon as a service Deny logon locally Deny logon through Terminal Services Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Domain Controller: Allow server operators to schedule tasks Domain Controller: LDAP server signing requirements Domain Controller: Refuse machine account password changes Domain Member: Digitally encrypt or sign secure channel data (always) Domain Member: Digitally encrypt secure channel data (when possible) Domain Member: Digitally sign secure channel data (when possible) Domain Member: Disable machine account password changes Domain Member: Maximum machine account password age Domain Member: Require strong (Windows 2000 or later) session key Enable computer and user accounts to be trusted for delegation Enforce password history Enforce User Logon Restrictions Event Log File System Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase scheduling priority Interactive logon: Display user information when the session is locked Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) Interactive logon: Prompt the user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock workstation Interactive logon: Require smart card Interactive logon: Smart card removal behavior IP Security Policies Kerberos Policies Load and unload device drivers Local Policies Lock pages in memory Log on as a batch job Log on as a service Logon rights Manage auditing and security log Maximum Lifetime For Service Ticket Maximum Lifetime For User Ticket Maximum Lifetime For User Ticket Renewal Maximum password age Maximum Tolerance For Computer Clock Synchronization Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network server: Amount of idle time required before suspending session Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Minimum password age Minimum password length Modify firmware environment values Network access: Allow anonymous SID/Name translation Network access: Do not allow anonymous enumeration of SAM accounts Network access: Do not allow anonymous enumeration of SAM accounts and shares Network access: Do not allow storage of credentials or .NET Passports for network authentication Network access: Let Everyone permissions apply to anonymous users Network access: Named Pipes that can be accessed anonymously Network access: Remotely accessible registry paths Network access: Remotely accessible registry paths and sub-paths Network access: Restrict anonymous access to Named Pipes and Shares Network access: Shares that can be accessed anonymously Network access: Sharing and security model for local accounts Network security: Do not store LAN Manager hash value on next password change Network security: Force log off when logon hours expire Network security: LAN Manager authentication level Network security: LDAP client signing requirements Network security: minimum session security for NTLM SSP based (including secure or RPC) servers Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Password must meet complexity requirements Password Policy Perform volume maintenance tasks Profile single process Profile system performance Public Key Policies Recommended Baseline Audit Policy for Windows Server 2008 Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Registry Remove computer from docking station Replace a process level token Reset account lockout counter after Restore files and directories Restricted Groups SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeBackupPrivilege SeBatchLogonRight SeChangeNotifyPrivilege SeCreateGlobalPrivilege SeCreatePagefilePrivilege SeCreatePermanentPrivilege SeCreateTokenPrivilege Security Options SecurityLogEventID675 SeDebugPrivilege SeDenyBatchLogonRight SeDenyInteractiveLogonRight SeDenyNetworkLogonRight SeDenyRemoteInteractiveLogonRight SeDenyServiceLogonRight SeImpersonatePrivilege SeIncreaseBasePriorityPrivilege SeInteractiveLogonRight SeLoadDriverPrivilege SeLockMemoryPrivilege SeMachineAccountPrivilege SeManageVolumePrivilege SeNetworkPrivilege SeProfileSingleProcessPrivilege SeRemoteInteractiveLogonRight SeRemoteShutdownPrivilege SeRestorePrivilege SeSecurityPrivilege SeServiceLogonRight SeShutdownPrivilege SeSyncAgentPrivilege SeSystemEnvironmentPrivilege SeSystemtimePrivilege SeTakeOwnershipPrivilege SeTcbPrivilege Shut down the system Shutdown: Allow system to be shut down without having to log on Shutdown: clear virtual memory pagefile Software Restrictions Store passwords using reversible encryption Synchronize directory service data System cryptography: Force strong key protection for user keys stored on the computer System cryptography: Use FIPS compliant algorithms for encryption, crashing, and signing System objects: Default owner for objects created by members of the Administrators group System objects: Require case insensitivity for non–Windows subsystems System objects: strengthen default permissions of internal system objects (e.g. Symbolic Links) System Services System settings: Optional subsystems System Settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Take ownership of files and other objects Terms and Conditions Tracking user rights with the security log Uncategorized events User Rights Assignment User rights in-depth Windows Security Log Windows Security Log Event ID 1100 Windows Security Log Event ID 1101 Windows Security Log Event ID 1102 Windows Security Log Event ID 1104 Windows Security Log Event ID 1105 Windows Security Log Event ID 1108 Windows Security Log Event ID 4608 Windows Security Log Event ID 4609 Windows Security Log Event ID 4610 Windows Security Log Event ID 4611 Windows Security Log Event ID 4612 Windows Security Log Event ID 4614 Windows Security Log Event ID 4615 Windows Security Log Event ID 4616 Windows Security Log Event ID 4618 Windows Security Log Event ID 4621 Windows Security Log Event ID 4622 Windows Security Log Event ID 4624 Windows Security Log Event ID 4624 Windows Security Log Event ID 4625 Windows Security Log Event ID 4634 Windows Security Log Event ID 4646 Windows Security Log Event ID 4647 Windows Security Log Event ID 4648
Wiki Access this computer from the network Account lockout duration Account Lockout Policy Account lockout threshold Account Policies Accounts: Administrator account status Accounts: Guest account status Accounts: Limit local account use of blank passwords Accounts: Rename administrator account Accounts: Rename guest account Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Admin equivalent rights Allow log on locally Allow logon through Terminal Services Audit account logon events Audit account management Audit Categories For Vista and Windows Server 2008 Audit Category: Account Lockout (Vista and Windows Server 2008) Audit Category: Account Logon (Vista and Windows Server 2008) Audit Category: Account Logon (XP, 2000 and 2003) Audit Category: Account Management (Vista and Windows Server 2008) Audit Category: Account Management (XP, 2000 and 2003) Audit Category: Application Generated (Vista and Windows Server 2008) Audit Category: Application Group Management (Vista and Windows Server 2008) Audit Category: Audit Policy Change (Vista and Windows Server 2008) Audit Category: Authentication Policy Change (Vista and Windows Server 2008) Audit Category: Authorization Policy Change (Vista and Windows Server 2008) Audit Category: Certification Services (Vista and Windows Server 2008) Audit Category: Computer Account Management (Vista and Windows Server 2008) Audit Category: Detailed Directory Service Replication (Vista and Windows Server 2008) Audit Category: Detailed Tracking (Vista and Windows Server 2008) Audit Category: Detailed Tracking (XP, 2000 and 2003) Audit Category: Directory Service (XP, 2000 and 2003) Audit Category: Directory Service Access (Vista and Windows Server 2008) Audit Category: Directory Service Changes (Vista and Windows Server 2008) Audit Category: Directory Service Replication (Vista and Windows Server 2008) Audit Category: Distribution Group Management (Vista and Windows Server 2008) Audit Category: DPAPI Activity (Vista and Windows Server 2008) Audit Category: DS Access (Vista and Windows Server 2008) Audit Category: Event processing (Eventlog source) (Vista and Windows Server 2008) Audit Category: File Share (Vista and Windows Server 2008) Audit Category: File System (Vista and Windows Server 2008) Audit Category: Filtering Platform Connection (Vista and Windows Server 2008) Audit Category: Filtering Platform Packet Drop (Vista and Windows Server 2008) Audit Category: Filtering Platform Policy Change (Vista and Windows Server 2008) Audit Category: Handle Manipulation (Vista and Windows Server 2008) Audit Category: IPsec Driver (Vista and Windows Server 2008) Audit Category: IPsec Extended Mode (Vista and Windows Server 2008) Audit Category: IPsec Main Mode (Vista and Windows Server 2008) Audit Category: IPsec Quick Mode (Vista and Windows Server 2008) Audit Category: Kerberos Authentication Service (Vista and Windows Server 2008) Audit Category: Kerberos Service Ticket Operations (Vista and Windows Server 2008) Audit Category: Kernel Object (Vista and Windows Server 2008) Audit Category: Log automatic backup (Eventlog source) (Vista and Windows Server 2008) Audit Category: Log clear (Eventlog source) (Vista and Windows Server 2008) Audit Category: Logoff (Vista and Windows Server 2008) Audit Category: Logon (Vista and Windows Server 2008) Audit Category: Logon/Logoff (Vista and Windows Server 2008) Audit Category: Logon/Logoff (XP, 2000 and 2003) Audit Category: MPSSVC Rule-Level Policy Change (Vista and Windows Server 2008) Audit Category: Network Policy Server (Vista and Windows Server 2008) Audit Category: Non Audit (Vista and Windows Server 2008) Audit Category: Non Sensitive Privilege Use (Vista and Windows Server 2008) Audit Category: Object Access (Vista and Windows Server 2008) Audit Category: Object Access (XP, 2000 and 2003) Audit Category: Other Account Logon Events (Vista and Windows Server 2008) Audit Category: Other Account Management Events (Vista and Windows Server 2008) Audit Category: Other Logon/Logoff Events (Vista and Windows Server 2008) Audit Category: Other Object Access Events (Vista and Windows Server 2008) Audit Category: Other Policy Change Events (Vista and Windows Server 2008) Audit Category: Other Privilege Use Events (Vista and Windows Server 2008) Audit Category: Other System Events (Vista and Windows Server 2008) Audit Category: Policy Change (Vista and Windows Server 2008) Audit Category: Policy Change (XP, 2000 and 2003) Audit Category: Privilege Use (Vista and Windows Server 2008) Audit Category: Privilege Use (XP, 2000 and 2003) Audit Category: Process Creation (Vista and Windows Server 2008) Audit Category: Process Termination (Vista and Windows Server 2008) Audit Category: Registry (Vista and Windows Server 2008) Audit Category: RPC Events (Vista and Windows Server 2008) Audit Category: SAM (Vista and Windows Server 2008) Audit Category: Security Group Management (Vista and Windows Server 2008) Audit Category: Security State Change (Vista and Windows Server 2008) Audit Category: Security System Extension (Vista and Windows Server 2008) Audit Category: Sensitive Privilege Use (Vista and Windows Server 2008) Audit Category: Service shutdown (Eventlog source) (Vista and Windows Server 2008) Audit Category: Special Logon (Vista and Windows Server 2008) Audit Category: Subcategory could not be determined (Vista and Windows Server 2008) Audit Category: System (Vista and Windows Server 2008) Audit Category: System Events (XP, 2000 and 2003) Audit Category: System Integrity (Vista and Windows Server 2008) Audit Category: User Account Management (Vista and Windows Server 2008) Audit directory service access Audit logon events Audit object access Audit Policy Audit policy change Audit privilege use Audit process tracking Audit Subcategory: Credential Validation Audit system events Audit: Audit the use of Backup and Restore privilege Audit: Audit the use of global system objects Audit: Shut down system immediately if unable to log security audits Auditpol Back up files and directories Bypass traverse checking Change the system time Create a pagefile Create a token object Create global objects Create permanent shared objects DCOM: Machine Access Restrictions In Security Descriptor Definition Language (SDDL) syntax DCOM: Machine Launch Restrictions In Security Descriptor Definition Language (SDDL) syntax Debug programs Deny access to this computer from the network Deny logon as a batch job Deny logon as a service Deny logon locally Deny logon through Terminal Services Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Domain Controller: Allow server operators to schedule tasks Domain Controller: LDAP server signing requirements Domain Controller: Refuse machine account password changes Domain Member: Digitally encrypt or sign secure channel data (always) Domain Member: Digitally encrypt secure channel data (when possible) Domain Member: Digitally sign secure channel data (when possible) Domain Member: Disable machine account password changes Domain Member: Maximum machine account password age Domain Member: Require strong (Windows 2000 or later) session key Enable computer and user accounts to be trusted for delegation Enforce password history Enforce User Logon Restrictions Event Log File System Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase scheduling priority Interactive logon: Display user information when the session is locked Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) Interactive logon: Prompt the user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock workstation Interactive logon: Require smart card Interactive logon: Smart card removal behavior IP Security Policies Kerberos Policies Load and unload device drivers Local Policies Lock pages in memory Log on as a batch job Log on as a service Logon rights Manage auditing and security log Maximum Lifetime For Service Ticket Maximum Lifetime For User Ticket Maximum Lifetime For User Ticket Renewal Maximum password age Maximum Tolerance For Computer Clock Synchronization Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network server: Amount of idle time required before suspending session Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Minimum password age Minimum password length Modify firmware environment values Network access: Allow anonymous SID/Name translation Network access: Do not allow anonymous enumeration of SAM accounts Network access: Do not allow anonymous enumeration of SAM accounts and shares Network access: Do not allow storage of credentials or .NET Passports for network authentication Network access: Let Everyone permissions apply to anonymous users Network access: Named Pipes that can be accessed anonymously Network access: Remotely accessible registry paths Network access: Remotely accessible registry paths and sub-paths Network access: Restrict anonymous access to Named Pipes and Shares Network access: Shares that can be accessed anonymously Network access: Sharing and security model for local accounts Network security: Do not store LAN Manager hash value on next password change Network security: Force log off when logon hours expire Network security: LAN Manager authentication level Network security: LDAP client signing requirements Network security: minimum session security for NTLM SSP based (including secure or RPC) servers Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Password must meet complexity requirements Password Policy Perform volume maintenance tasks Profile single process Profile system performance Public Key Policies Recommended Baseline Audit Policy for Windows Server 2008 Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Registry Remove computer from docking station Replace a process level token Reset account lockout counter after Restore files and directories Restricted Groups SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeBackupPrivilege SeBatchLogonRight SeChangeNotifyPrivilege SeCreateGlobalPrivilege SeCreatePagefilePrivilege SeCreatePermanentPrivilege SeCreateTokenPrivilege Security Options SecurityLogEventID675 SeDebugPrivilege SeDenyBatchLogonRight SeDenyInteractiveLogonRight SeDenyNetworkLogonRight SeDenyRemoteInteractiveLogonRight SeDenyServiceLogonRight SeImpersonatePrivilege SeIncreaseBasePriorityPrivilege SeInteractiveLogonRight SeLoadDriverPrivilege SeLockMemoryPrivilege SeMachineAccountPrivilege SeManageVolumePrivilege SeNetworkPrivilege SeProfileSingleProcessPrivilege SeRemoteInteractiveLogonRight SeRemoteShutdownPrivilege SeRestorePrivilege SeSecurityPrivilege SeServiceLogonRight SeShutdownPrivilege SeSyncAgentPrivilege SeSystemEnvironmentPrivilege SeSystemtimePrivilege SeTakeOwnershipPrivilege SeTcbPrivilege Shut down the system Shutdown: Allow system to be shut down without having to log on Shutdown: clear virtual memory pagefile Software Restrictions Store passwords using reversible encryption Synchronize directory service data System cryptography: Force strong key protection for user keys stored on the computer System cryptography: Use FIPS compliant algorithms for encryption, crashing, and signing System objects: Default owner for objects created by members of the Administrators group System objects: Require case insensitivity for non–Windows subsystems System objects: strengthen default permissions of internal system objects (e.g. Symbolic Links) System Services System settings: Optional subsystems System Settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Take ownership of files and other objects Terms and Conditions Tracking user rights with the security log Uncategorized events User Rights Assignment User rights in-depth Windows Security Log Windows Security Log Event ID 1100 Windows Security Log Event ID 1101 Windows Security Log Event ID 1102 Windows Security Log Event ID 1104 Windows Security Log Event ID 1105 Windows Security Log Event ID 1108 Windows Security Log Event ID 4608 Windows Security Log Event ID 4609 Windows Security Log Event ID 4610 Windows Security Log Event ID 4611 Windows Security Log Event ID 4612 Windows Security Log Event ID 4614 Windows Security Log Event ID 4615 Windows Security Log Event ID 4616 Windows Security Log Event ID 4618 Windows Security Log Event ID 4621 Windows Security Log Event ID 4622 Windows Security Log Event ID 4624 Windows Security Log Event ID 4624 Windows Security Log Event ID 4625 Windows Security Log Event ID 4634 Windows Security Log Event ID 4646 Windows Security Log Event ID 4647 Windows Security Log Event ID 4648
