User Rights Assignment; Table 6 Summary Of Audit Policy Settings; Table 7 List Of Recommended User Rights Settings - Cisco TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0 Configuration Manual

Table 6 Summary of audit policy settings

Policy
Audit account logon
events
Audit account
management
Audit directory service
access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events

User rights assignment

User rights assignments provide users and groups with logon rights or privileges on the server. To
access the user rights assignment, go to Windows Start > Control Panel > Administrative Tools >
Local Security Policy> Local Policy > User Rights Assignment.

Table 7 List of recommended user rights settings

Policy
Access this computer from the
network (SeNetworkLogonRight)
4
See documentation from
Development for additional information on SQL service accounts.
Cisco TMS Secure Server Configuration Guide 13.0
Security
Setting
Success, Failure The 'Audit account logon events' policy determines
whether to log authentication of local users. Both
security settings should be logged.
Success, Failure The 'Audit account management' policy determines
whether to log the creation, modification and deleting of
accounts. To determine who creates, modifies and
deletes accounts as well as to monitor failed attempts
that could indicate an attack. Log both security settings.
Failure
The 'Audit directory service access' setting determines
whether to audit the event of a user accessing an Active
Directory object that has its own system access control
list (SACL) specified. Set to Failure.
Success, Failure The 'Audit logon events' policy determines whether to
log local account activity. Log both success and failure.
Failure The 'Audit object access' policy determines whether to
log events when a user accesses an object such as a
file, folder or registry key. Log only failures.
Success The 'Audit policy change' policy determines whether to
log changes to user rights assignment policies, trust
policies and audit policies. Log only successes.
Failure The 'Audit privilege use' policy determines whether to
log use of a user right. Failures should be logged as a
failed privilege use can indicate an attempted security
breach.
No Auditing The 'Audit process tracking' policy determines whether
to log detailed tracking information for events such as
program activation, process exit, handle duplication, and
indirect object access. As this would generate a large
number of events, the setting should be No auditing.
Success The 'Audit system events' policy determines whether to
log events such as restarts and shutdown and events
affecting security. Log only success.
Security Setting
Administrators, Authenticated Users, ENTERPRISE DOMAIN
CONTROLLERS, IUSR_<machinename>,
IWAM_<machinename>
Microsoft Support and Setting Up Windows Service Accounts
Securing Windows Server 2003 tasks
4
.
from Microsoft
Page 21 of 34