Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

logon success and failure auditing

Posted on 2013-11-11
4
Medium Priority
?
437 Views
Last Modified: 2013-11-20
Can anyone elaborate on the risk on not enabling logon success and failure auditing on file servers? Our admin doesnt enable auditing for such events and doesnt see it as a risk - as its only a select few IT admins who could ever logon anyway, so doesnt see what value such auditing would bring. Can anyone give a good example where logon success and failure would be required - and issues that could arise by not enabling logon success or failure.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Expert Comment

by:Radhakrishnan R
ID: 39638166
Hi,

This is the best practice for security audits http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx

You can use this link to configure security audits http://technet.microsoft.com/en-us/library/dd277403.aspx
0
 
LVL 3

Author Comment

by:pma111
ID: 39638172
Thats not really the question though - the question is what is the risk in not enabling auditing - when will it come back to haunt you.
0
 
LVL 23

Accepted Solution

by:
Radhakrishnan R earned 1000 total points
ID: 39638179
Risk - You can not find out users who has logged in and out successfully on the domain.

You will not be able to find out user's / Computer's in case of major virus attack either from client or server.

Mapped drive access - You can not identify who is accessing the shares.

You will not be able to see if any modification happened on the server, I.e - Somebody changed the server time.

There are plenty of risk factors for not enabling security audits.

Hope this clarify your query
0
 
LVL 2

Assisted Solution

by:daniel0
daniel0 earned 1000 total points
ID: 39638509
At the AD enabling the auditing is not a risk to be get in. Its like up to your requirment that satisfy the need of your auditing. Moreover enabling the auditing of Log on and log off is you would able to get an report of all the user who are log in to the system.

There are few applications also who does the same AD auditing work . You can test them to get an idea and complexity about the drawbacks. If in case you are concerend about the issues then only issues that can arrive is about of Replication issues.

Please have a look at this link for the details.

http://technet.microsoft.com/en-us/library/cc949120(v=ws.10).aspx

Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question