Windows Security – Note (2)

Accessing Local Security Policy

Command Line = secpol.msc

In the GUI, use the menu search and type Local Security Policy

Important security-related Event IDs

::: Windows 2008 and later

::: 4624 – An account was successfully logged on.

::: 4625 – An account failed to log on.

::: 4649 – A replay attack was detected.

::: 4720 – A user account was created.

::: 4740 – A user account was locked out.

::: 4723 – An attempt was made to change an account’s password.

::: 4724 – An attempt was made to reset an account’s password.

::: 4698 – A scheduled task was created.

::: 1102 – The specified user cleared the Security Log.

Note

::: Windows 2003

::: 528 – An account was successfully logged on.

::: 529 – Bad Password

::: 680 – An account failed to log on.

::: 681 – FailedToLogOn

::: 642 – ResetPassword

::: 624 – CreatedUser

::: 644 – UserLockout

::: 540 – NetworkLogOn

Example command

Logparser.exe "SELECT TimeGenerated, SourceName, EventCategoryName, Message INTO c:\4698_SuccessToLogOn.csv FROM Security WHERE EventID = 4698"
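
The Log Parser command above exports a single event ID. As an added example (not part of the original note), this PowerShell script queries the local Security log for all the Windows 2008+ event IDs listed earlier and summarises them. The 24-hour window, the variable names and the helper Get-EventField are assumptions made for illustration; TargetUserName and IpAddress are the data field names of event 4625.

```powershell
# Added example. Run from an elevated PowerShell 3.0+ session (needed to read Security).
# Event IDs and meanings are the Windows 2008+ entries from the list above.
$watch = @{
    4624 = 'Account successfully logged on'
    4625 = 'Account failed to log on'
    4649 = 'Replay attack detected'
    4720 = 'User account created'
    4740 = 'User account locked out'
    4723 = 'Attempt to change account password'
    4724 = 'Attempt to reset account password'
    4698 = 'Scheduled task created'
    1102 = 'Security log cleared'
}

$since = (Get-Date).AddDays(-1)   # assumption: 24-hour look-back window

# One filtered query for all listed IDs; "no events found" surfaces as an error, so silence it.
$records = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = [int[]]@($watch.Keys)
    StartTime = $since
} -ErrorAction SilentlyContinue)

# Read a named field from the event XML rather than relying on property positions.
function Get-EventField($Record, [string]$Name) {
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Volume per event ID.
$records | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, @{n='EventId';e={$_.Name}}, @{n='Meaning';e={$watch[[int]$_.Name]}} |
    Format-Table -AutoSize

# 2. Failed logons (4625) by target account and source address.
$records | Where-Object { $_.Id -eq 4625 } | ForEach-Object {
    [pscustomobject]@{
        Account = Get-EventField $_ 'TargetUserName'
        Source  = Get-EventField $_ 'IpAddress'
    }
} | Group-Object Account, Source | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize

# 3. Low-volume events from the list, shown one by one.
$records | Where-Object { $_.Id -in 1102, 4649, 4698, 4720, 4740 } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, @{n='Meaning';e={$watch[$_.Id]}} |
    Format-Table -AutoSize
```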