\u00a0<\/p>\n
As proof against threats from malicious users inside or outside the enterprise \u2013 and to comply with regulatory authorities \u2013 it\u2019s essential to keep a close eye on what\u2019s happening in your Windows environment by monitoring and auditing user activities over your Windows Server-based network. This guide should help.<\/span><\/p>\n Of the major operating systems, Windows provides the biggest set of security features. But Netware, UNIX and even the mainframe have the edge, when it comes to basic login session controls. When a Windows user logs on, there isn\u2019t even a display of their previous logon time.<\/span><\/p>\n \u00a0<\/p>\n In the Windows environment, monitoring of logon sessions, reporting of logons and logoffs, and control of concurrent logins are all absent, as is the remote logoff of sessions on workstations.<\/span><\/p>\n \u00a0<\/p>\n Group-defined restrictions of workstations and logon times are also missing, as are enforceable logoffs when allocated logon times have expired.<\/span><\/p>\n \u00a0<\/p>\n Depending on your audit settings, the information recorded by Windows may be dense, cryptic, and poorly documented.<\/span><\/p>\n Monitoring logon events \u00a0<\/p>\n Logon attempts which succeed can yield valuable information too \u2013 and can help ensure the continued health of your network infrastructure.<\/span><\/p>\n Monitoring successful logon attempts provides information on the activities of your users, both in a business productivity sense, and from a security perspective.<\/span><\/p>\n \u00a0<\/p>\n Potentially abnormal events like a single user simultaneously requesting access to multiple resources, or users logging on outside normal working hours may be a red flag for suspicious activity worthy of further investigation.<\/span><\/p>\n \u00a0<\/p>\n Even the activities of privileged users like system administrators need to be monitored from a security standpoint, and for regulatory compliance.<\/span><\/p>\n \u00a0<\/p>\n A log management tool \u00a0<\/p>\n Since user names in Windows don\u2019t indicate group affiliations and may be time-dependent, it\u2019s essential to use a log management tool capable of establishing a user\u2019s privileges at the time that an event caused by their activities was logged.<\/span><\/p>\n Mistyped passwords and unauthorised attempts to gain access to computers and network resources are at the opposite ends of the scale, when it comes to failed logons. Failed logons to a print server may indicate that your printer hardware or software is down. But there\u2019s more to it, than that.<\/span><\/p>\n \u00a0<\/p>\n With service accounts \u2013 especially with services that don\u2019t belong to authorised applications \u2013 failed logons may be an indication of malware.<\/span><\/p>\n \u00a0<\/p>\n When a service is authorised, or forms a part of your network infrastructure, failed service account logons may point to downtime issues. \u00a0<\/p>\n If computer accounts fail to log in, there may be underlying issues with network configuration, authentication protocols or IPSec policies. All have the potential to disrupt your operations.<\/span><\/p>\n \u00a0<\/p>\n Automated brute force attacks may be the real cause behind a large number of failed logon attempts recorded in a short time period. If your account lockout protocols aren\u2019t strong enough, this could have dire consequences.<\/span><\/p>\nWhat Windows Lacks<\/span><\/h2>\n
Success or Failure?
![\"microsoftlogin_login\"](\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/02\/microsoftlogin_login.png\")
<\/a><\/span><\/h2>\n<\/a>is useful not only for failed attempts to gain access, which may indicate malicious attempts to infiltrate your system.<\/span><\/p>\nKnowing Who\u2019s Who<\/span>\u00a0<\/span><\/h2>\n
<\/a>configured to collect user information according to rules and time frameworks that you establish beforehand can categorise user activity and manage logon events. The software should be capable of identifying privileged administrative users, and categorising their activities, accordingly.<\/span><\/p>\nThe Price of Failure<\/span>\u00a0<\/span><\/h2>\n
<\/a><\/span><\/p>\nSetting Your Audit Policy<\/span><\/h2>\n