How can you find out if someone is trying to change your policy?
Results 1 to 6 of 6

Thread: How can you find out if someone is trying to change your policy?

  1. #1
    Member
    Join Date
    Nov 2004
    Posts
    42

    How can you find out if someone is trying to change your policy?

    Can someone please tell me how I can find out if anybody (without access) is trying to
    change my policies.

    This is in regards to Windows 2000 Operating system.

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    enable auditing. audit policy changes - both failure and success. and pay attention to the date and times.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Man, you have to be more specific. What exactly are you looking for? Without knowing exactly what you are talking about, I would say you could start logging privilage useage and object access. That is a start. Next time be a little more specific with your questions.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    without access
    Have you seen the film, "Scanners".

    Well unless they are scanners it's impossible........................Or did you mean something else.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Member
    Join Date
    Nov 2004
    Posts
    42

    Yeah I actually seen scanners, a long time ago though, but that's not what I meant.

    anyway thanks secure_lockdown,

    I eventually found Audit policy like you said and I just checked
    successes and failures on Audit Policy Change.

    Thanks for the tip sysmin770, I'll take it on board.

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    good link to local policies. naturally, if you are domain, you will be tweaking domain cntrl policies.
    http://www.microsoft.com/technet/Sec.../w2kadm10.mspx
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •