
Windows event log configuration

    I'm getting seriously rusty on the technical aspects of Windows these days.

    Does anyone know if the following are available to record as events?

    - Use of "Run as Administrator"

    - Provision of Administrator credentials when prompted by the OS
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

    #2
    Originally posted by DaveB
    I'm getting seriously rusty on the technical aspects of Windows these days.

    Does anyone know if the following are available to record as events?

    - Use of "Run as Administrator"

    - Provision of Administrator credentials when prompted by the OS
    Yes they are. There are 3 tokens as I remember, depending on the elevation and if it was Run as Admin, Run with credentials and run with no UAC. Cannot remember the event IDs, but with a quick Google you should find them.



      #3
      There you go How to Configure Auditing for Privilege Elevation - Windows 7 Tutorial
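
Once process-creation auditing is enabled, each Security-log event 4688 ("A new process has been created") records which of three token elevation types the new process received. The PowerShell below is an added example, not posted by anyone in this thread; the function name `ConvertTo-ElevationRecord` and the sample event are constructed for illustration.

```powershell
# Added example. Event ID 4688 and the %%193x codes are Windows' documented values;
# the function name and the sample event below are constructed for illustration.
$ElevationType = @{
    '%%1936' = 'Type 1: full token (UAC disabled, built-in Administrator, or service account)'
    '%%1937' = 'Type 2: elevated token (started with Run as administrator)'
    '%%1938' = 'Type 3: limited token (UAC enabled, not elevated)'
}

function ConvertTo-ElevationRecord {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $code = [string]$data['TokenElevationType']
        [pscustomobject]@{
            Time      = $evt.System.TimeCreated.SystemTime
            Computer  = $evt.System.Computer
            User      = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Process   = $data['NewProcessName']
            Elevation = if ($ElevationType.ContainsKey($code)) { $ElevationType[$code] } else { "Unknown ($code)" }
        }
    }
}

# Constructed sample event (trimmed to the fields used above) so this runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4688</EventID>
    <TimeCreated SystemTime="2024-01-15T09:30:00.0000000Z" />
    <Computer>WS01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="NewProcessName">C:\Windows\System32\mmc.exe</Data>
    <Data Name="TokenElevationType">%%1937</Data>
  </EventData>
</Event>
'@
$sample | ConvertTo-ElevationRecord

# On a live host with "Audit Process Creation" enabled, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertTo-ElevationRecord |
#     Where-Object Elevation -like 'Type 2*'
```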



        #4
        Cheers both
        "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.



          #5
          And when you get tired of wading through the logs looking for that one-off event, try elex

          Windows event log management software, monitor system, application and security event logs — FSPro Labs

          It is bloody marvelous at filtering and exporting just the bits that matter, often across multiple machines.
          Only one thing to bear in mind: if you want to enumerate account IDs, don't run it offline against saved logs.

          I can't describe how useful this tool was to me auditing specific user access on dozens of believed redundant servers last year
          So now I am worried, am I being deceived, just how much sugar is really in a spoon full!



            #6
            You've not been asked to look at it by Paul from Microsoft Security Team have you?
            The greatest trick the devil ever pulled was convincing the world that he didn't exist



              #7
              Originally posted by DallasDad
              And when you get tired of wading through the logs looking for that one-off event, try elex

              Windows event log management software, monitor system, application and security event logs — FSPro Labs

              It is bloody marvelous at filtering and exporting just the bits that matter, often across multiple machines.
              Only one thing to bear in mind: if you want to enumerate account IDs, don't run it offline against saved logs.

              I can't describe how useful this tool was to me auditing specific user access on dozens of believed redundant servers last year
              Thanks for this link, I will take a look. Just to add another useful tool: Log Parser Studio
              https://gallery.technet.microsoft.co...tudio-cd458765
