lock شدن ویندوز

[patris1]

Security auditing tools for small businesses and tight budgets

When we talk about security auditing, we’re really talking about two different aspects:

• Auditing user access to information
• Auditing system configurations

When your organization is small, you may not have a lot of extra room in the budget for auditing tools. The good news is that there are a number of free or low cost software utilities that can help your small business implement both types of auditing.

Auditing user access with Windows auditing feature

If you’re using Windows 2000, XP and/or Server 2003 computers, either in a peer-to-peer network or a domain, you can use the built-in auditing function to set audit policies to log security-related events to the Security log in the Windows Event Viewer. There is no extra cost and no software to install. You can choose to log any or all of the following:

• Logon attempts and events (successful and failed)
• Account management
• Directory service access
• Object access
• Policy changes
• Privilege use
• Process tracking
• System events

Auditing is disabled by default in Windows 2000, but can be turned on easily through the Local Security Policy snap-in. An extra step is necessary to set up auditing of access on a particular object (file, folder, printer). In Windows Server 2003, auditing of account logon and logon events are enabled by default, but object access is not. You can define audit policies for a local computer, domain controller, domain or OU.

For instructions on enabling security auditing on Windows Server 2003, see Enable Security Auditing

It’s important to plan carefully when enabling auditing of object access, as this can result in a very large security log that takes up a lot of disk space and is difficult to sort through. You can also use the Security Configuration Wizard in Server 2003 Service Pack 1 to help you configure auditing.

Auditing system settings with configuration scanners

To audit system configurations and determine if your computers and network devices are securely configured, you can use one of many popular vulnerability scanners. Again, Microsoft provides a free tool that can be used by small businesses on a budget: the Microsoft Baseline Security Analyzer (MBSA).

The MBSA v.2 scans and analyzes the configurations of Windows 2000 SP3 and later operating systems, Office XP and later, Exchange 2000 and later, SQL Server 2000 SP4 and later. The tool can detect common misconfigurations and determine whether your machines have the current service packs and security updates applied.

The MBSA only works for Microsoft products. If you have other operating systems on your network, there are numerous free and low cost vulnerability scanners that support UNIX/Linux. An example is Nessus, an open source vulnerability scanner available from Tenable Network Security

Sophisticated security auditing for the enterprise

As your organization grows, your auditing demands may become more sophisticated. This is especially true if you’re in a regulated industry. Then it’s time to turn to commercial enterprise-level solutions for auditing both access and configuration.

Access auditing for the enterprise

Access auditing products for the enterprise include:

• User File Access Tracker from ByStorm Software records access and changes made to files, without negative impact on performance and without the need to set up databases.
• File System Auditor from ScriptLogic provides real-time monitoring and logs, reports and sends alerts based on file server activity, with events stored in a centralized SQL database.

Enterprise level vulnerability scanners

Configuration/vulnerability scanners designed for large organizations provide for centralized scanning of large numbers of systems with centralized reporting. They don’t come cheap, but they can make auditing of your network assets much easier. Some examples include:

• Sunbelt Network Security Inspector (SNSI) from Sunbelt Software, which supports a wide variety of Windows and UNIX/Linux operating systems as well as Macintosh OS X, HP printers and Cisco network devices. Per-administrator licensing makes it cost effective in large environments.
• LANguard Network Security Scanner (NSS) from GFI gives you per-IP address information about all the machines on your network, as well as wireless access points and USB devices. The ReportPack add-on lets you create graphical reports geared toward both IT and management uses.

Planning a security auditing solution that will grow with your organization

The key to developing a security auditing solution that will grow as your organization does is to plan ahead. Assess your auditing needs based on regulatory status, nature of business, sensitivity of data, network infrastructure, and threat levels and exposure.

Auditing can be deployed in a layered construction, beginning with auditing of a few local machines and transitioning to domain-wide auditing or centralized auditing via third party products by adding layers (and removing layers at the other end if/when they are no longer needed).

A good audit plan takes into consideration what needs to be audited, who needs to be audited, when auditing is needed, where auditing is needed, and how the audit information is to be formatted and used.

[MCITP]

ضمن تشکر از راهنمایی کامل و جامع تون من الان event ها رو می تونم ببینم اما ازشون سر در نمیارم تو logon/logoff ها اسم یوزرایی که اصلاً بهش کانکت نشدن و یا اسم کامپیوتربا علامت $ هست که نمیدون چیه؟
چه طور می تونم بفهم کدوم یوزر وارد اون کامپیوتر شده و یا کدوم یوزر از منابع شیر شده اون استفاده میکنه
در ضمن مشکل اول من که بدون علت کامپیونر قفل میشه (تو گروپ پالسی هم نگاه کردم اصلاً برای یوزرا scree sver و resume on password protect انتخاب نشده اند.)

[MCITP]

من هنوز مشکلم حل نشده ممنون میشم راهنماییم کنیین