Windows 7 Güvenlik Denetimi kapatılıyor - Neye göre?


0

Bu beni deli ediyor. Bir çözüm için yüksek ve düşük aradım ama hiçbir şey bulamadım. ben did bulmak bu Çözümü düşündüğüm soru Auditpol.exe . Nafile.

Windows Denetim Politikamı ya da secpol.msc veya gpedit.msc . Sorun şu ki birkaç dakika sonra temizleniyorlar ( herşey "Denetim Yok" olarak ayarlanmış). Olay günlüğünden elde ettiğim tek ipucu:

System audit policy was changed.

Subject:
Security ID:        SYSTEM
Account Name:       MYCOMPUTERNAME$
Account Domain:     WORKGROUP
Logon ID:           0x3e7

Audit Policy Change:
Category:           Account Logon
Subcategory:        Kerberos Authentication Service
Subcategory GUID:   {0cce9242-69ae-11d9-bed3-505054503030}
Changes:            Success removed, Failure removed

Bunların sonundan sonra, Güvenlik Olay Günlüğüne başka bir yazı yazılmayacak.

Sistem yapılandırmam :

OS: Windows 7 Ultimate w/ SP1
Processor: x64
RAM: 12 GB
NOT Domain-joined. In WORKGROUP (so, no Group Policy is being applied).
Windows Firewall enabled
Microsoft Security Essentials

Güncelleştirme:

Ayrıca, bu konuda Microsoft'un Topluluk Forumlarında da yardım istedim ve aldığım yanıttan (Microsoft'tan) konuyu anlamadıkları açık. Bu amaçla, buraya daha fazla ayrıntı eklemenin uygun olabileceğini düşündüm.

Denetimi yapılandırmak için kullandığım belirli komutlar şunlardır:

auditpol.exe /set /category:"Account Logon" /success:enable /failure:enable
auditpol.exe /set /category:"Account Management" /success:enable /failure:enable
auditpol.exe /set /category:"Detailed Tracking" /success:disable /failure:disable
auditpol.exe /set /category:"DS Access" /success:disable /failure:enable
auditpol.exe /set /category:"Logon/Logoff" /success:enable /failure:enable
auditpol.exe /set /category:"Object Access" /success:disable /failure:disable
auditpol.exe /set /category:"Policy Change" /success:disable /failure:enable
auditpol.exe /set /category:"Privilege Use" /success:disable /failure:enable
auditpol.exe /set /category:"System" /success:enable /failure:enable

auditpol.exe /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
auditpol.exe /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
auditpol.exe /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable
auditpol.exe /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:enable

ve auditpol.exe / get / category adresinden çıktı: *

System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               Success and Failure
  System Integrity                        Success and Failure
  IPsec Driver                            Success and Failure
  Other System Events                     Success and Failure
  Security State Change                   Success and Failure
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success and Failure
  Account Lockout                         Success and Failure
  IPsec Main Mode                         Success and Failure
  IPsec Quick Mode                        Success and Failure
  IPsec Extended Mode                     Success and Failure
  Special Logon                           Success and Failure
  Other Logon/Logoff Events               Success and Failure
  Network Policy Server                   Success and Failure
Object Access
  File System                             No Auditing
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              No Auditing
  Detailed File Share                     No Auditing
Privilege Use
  Sensitive Privilege Use                 Failure
  Non Sensitive Privilege Use             Failure
  Other Privilege Use Events              Failure
Detailed Tracking
  Process Termination                     No Auditing
  DPAPI Activity                          No Auditing
  RPC Events                              No Auditing
  Process Creation                        No Auditing
Policy Change
  Audit Policy Change                     Success and Failure
  Authentication Policy Change            Success and Failure
  Authorization Policy Change             Success and Failure
  MPSSVC Rule-Level Policy Change         Failure
  Filtering Platform Policy Change        Failure
  Other Policy Change Events              Failure
Account Management
  User Account Management                 Success and Failure
  Computer Account Management             Success and Failure
  Security Group Management               Success and Failure
  Distribution Group Management           Success and Failure
  Application Group Management            Success and Failure
  Other Account Management Events         Success and Failure
DS Access
  Directory Service Changes               Failure
  Directory Service Replication           Failure
  Detailed Directory Service Replication  Failure
  Directory Service Access                Failure
Account Logon
  Kerberos Service Ticket Operations      Success and Failure
  Other Account Logon Events              Success and Failure
  Kerberos Authentication Service         Success and Failure
  Credential Validation                   Success and Failure

Birkaç dakika sonra ve denetim ile ilgili hiçbir şeye dokunmadan, tekrarlanan sonuçlar:

System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        No Auditing
  IPsec Driver                            No Auditing
  Other System Events                     No Auditing
  Security State Change                   No Auditing
Logon/Logoff
  Logon                                   No Auditing
  Logoff                                  No Auditing
  Account Lockout                         No Auditing
  IPsec Main Mode                         No Auditing
  IPsec Quick Mode                        No Auditing
  IPsec Extended Mode                     No Auditing
  Special Logon                           No Auditing
  Other Logon/Logoff Events               No Auditing
  Network Policy Server                   No Auditing
Object Access
  File System                             No Auditing
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              No Auditing
  Detailed File Share                     No Auditing
Privilege Use
  Sensitive Privilege Use                 No Auditing
  Non Sensitive Privilege Use             No Auditing
  Other Privilege Use Events              No Auditing
Detailed Tracking
  Process Termination                     No Auditing
  DPAPI Activity                          No Auditing
  RPC Events                              No Auditing
  Process Creation                        No Auditing
Policy Change
  Audit Policy Change                     No Auditing
  Authentication Policy Change            No Auditing
  Authorization Policy Change             No Auditing
  MPSSVC Rule-Level Policy Change         No Auditing
  Filtering Platform Policy Change        No Auditing
  Other Policy Change Events              No Auditing
Account Management
  User Account Management                 No Auditing
  Computer Account Management             No Auditing
  Security Group Management               No Auditing
  Distribution Group Management           No Auditing
  Application Group Management            No Auditing
  Other Account Management Events         No Auditing
DS Access
  Directory Service Changes               No Auditing
  Directory Service Replication           No Auditing
  Detailed Directory Service Replication  No Auditing
  Directory Service Access                No Auditing
Account Logon
  Kerberos Service Ticket Operations      No Auditing
  Other Account Logon Events              No Auditing
  Kerberos Authentication Service         No Auditing
  Credential Validation                   No Auditing

Olay günlüğünde değişiklikleri yapan şeyin bir göstergesi yoktur.


Bundan önceki olaylar neydi?
Colyn1337

Yanıtlar:


Sitemizi kullandığınızda şunları okuyup anladığınızı kabul etmiş olursunuz: Çerez Politikası ve Gizlilik Politikası.
Licensed under cc by-sa 3.0 with attribution required.