HP StorageWorks X5000 Technical Manual page 21

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Member Server Default

Success

The Audit logon events setting determines whether to audit each instance of a user logging on to or

off of a computer. Records are generated from the Account logon events setting on domain controllers

to monitor domain account activity and on local computers to monitor local account activity.

Configuring the Audit logon events setting to No auditing makes it difficult or impossible to determine

which user has either logged on or attempted to log on to computers in the enterprise. Enabling the

Success value for the Auditing logon events setting on a domain member will generate an event

each time that someone logs on to the system regardless of where the accounts reside on the system.

If the user logs on to a local account, and the Audit account logon events setting is Enabled, the user

logon will generate two events. There will be no audit record evidence available for analysis after a

security incident takes place if the values for this setting are not configured to Success and Failure for

all three security environments defined in this guide.

Event ID

Audit Logon Events

528

A user successfully logged on to a computer.

529

Logon failure. A logon attempt was made with an unknown user name or a known user

name with a bad password.

530

Logon failure. A logon attempt was made outside the allowed time.

531

Logon failure. A logon attempt was made using a disabled account.

532

Logon failure. A logon attempt was made using an expired account.

533

Logon failure. A logon attempt was made by a user who is not allowed to log on at the

specified computer.

534

Logon failure. The user attempted to log on with a password type that is not allowed.

535

Logon failure. The password for the specified account has expired.

536

Logon failure. The Net Logon service is not active.

537

Logon failure. The logon attempt failed for other reasons.

Note: In some cases, the reason for the logon failure may not be known.

538

The logoff process was completed for a user.

539

Logon failure. The account was locked out at the time the logon attempt was made.

540

A user successfully logged on to a network.

541

Main mode Internet Key Exchange (IKE) authentication was completed between the local

computer and the listed peer identity (establishing a security association), or quick mode

has established a data channel.

542

A data channel was terminated.

543

Main mode was terminated.

Note: This might occur as a result of the time limit on the security association expiring (the

default is eight hours), policy changes, or peer termination.

544

Main mode authentication failed because the peer did not provide a valid certificate or

the signature was not validated.

Audit Logon Events

Legacy Client

Success Failure

Enterprise Client

Success Failure

High Security Client

Success Failure

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

HP StorageWorks X5000 Technical Manual page 21

Related Manuals for HP StorageWorks X5000

Related Products for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents