Professional Windows Server 2003 Security: A Technical Reference [Electronic resources] - Text version

Roberta Bragg

Event Logs: Tasks

These tasks assume that you already have Event Viewer open.

Configure an Event Log

To configure the size and retention settings of an event log, do the following:

Right-click on an event log → Properties

The maximum log size can range between 64 KB and 4 GB (512 KB is the
default). Monitor your logs, and if they grow too quickly, increase
the maximum log size so events don't get lost. You
can configure retention settings in one of three modes:

Overwrite events as needed



This is the default setting and means that circular logging is
configured. Once the log becomes full, old events are deleted to make
room for new ones. This setting can result in loss of important
information and should be changed as soon as your server becomes
operational on the network.


Overwrite events older than seven days



This is another form of circular logging. You can select this option
if you know that your maximum log size is large enough to prevent
your log from getting full, and if you regularly archive your log at
the end of each logging interval and then clear the log to free up
space for the next interval.


Do not overwrite events



Use this setting if you have adequate disk space for the event log
and when security and system functionality is a priority for your
enterprise and you need to keep a long-life paper trail. You must
monitor and archive the log periodically and manually clear the
events before the log becomes full. Otherwise, if the log becomes
full, WS2003 stops writing new events to the log.



If you have configured auditing on your system and security is a
concern, you can configure your system to shut down when the Security
log becomes full. Set the retention setting on the log to
"Do not overwrite events," then use
Registry Editor to create (or set) a REG_DWORD value named
CrashOnAuditFail with the data 1 under the key:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa

and reboot your machine (use caution when editing the registry!). If
the Security log fills up, the system will display a message saying
"Audit failed" and will stop
responding. To recover from this, reboot and log on as Administrator,
open Event Viewer, archive the Security log if desired, and then
clear it.


If you want your system to be configured to stop again the next time the log
becomes full, you must recreate (set back to 1) the
CrashOnAuditFail registry value at this point.
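Checking the settings described above by script, as an added example that is not from the book: the function below reads the maximum size and retention mode of the classic Application, Security and System logs and reports the CrashOnAuditFail state, so the configuration made through Event Viewer can be verified on many servers without opening the console. It assumes the classic Eventlog service registry layout (HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>), where MaxSize holds the size in bytes and Retention holds 0 (overwrite as needed), 0xFFFFFFFF (do not overwrite) or a number of seconds (overwrite events older than). It targets Windows PowerShell on a host with the classic logs; the function names are my own.

```powershell
# Added example, not from the book: audit event-log size/retention and CrashOnAuditFail.
# Assumes the classic Eventlog registry layout named in the lead-in.

function Get-RetentionMode {
    param([int64]$Retention)
    # REG_DWORD values are returned as signed Int32, so 0xFFFFFFFF arrives as -1.
    if ($Retention -lt 0) { $Retention += 4294967296 }
    switch ($Retention) {
        0          { 'Overwrite events as needed' }
        4294967295 { 'Do not overwrite events' }
        default    { 'Overwrite events older than {0} days' -f [math]::Round($Retention / 86400, 1) }
    }
}

function Get-ClassicEventLogSettings {
    param([string[]]$LogName = @('Application', 'Security', 'System'))
    foreach ($log in $LogName) {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$log"
        $props = Get-ItemProperty -Path $key -ErrorAction Stop
        # A missing Retention value behaves like 0 (circular logging).
        $retention = if ($null -eq $props.Retention) { 0 } else { $props.Retention }
        New-Object PSObject -Property @{
            Log           = $log
            MaxSizeKB     = [int]($props.MaxSize / 1KB)
            RetentionMode = Get-RetentionMode -Retention $retention
        } | Select-Object Log, MaxSizeKB, RetentionMode
    }
}

function Get-CrashOnAuditFail {
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Absent value casts to 0. Windows sets the value to 2 after the halt has
    # occurred, which is why the book says the setting must be recreated afterwards.
    switch ([int]$lsa.CrashOnAuditFail) {
        1       { 'Enabled: the system halts when the Security log is full' }
        2       { 'Tripped: the system has already halted once; set the value back to 1 to re-arm' }
        default { 'Disabled' }
    }
}

Get-ClassicEventLogSettings | Format-Table -AutoSize
"CrashOnAuditFail: $(Get-CrashOnAuditFail)"
```

Run it in an elevated session; reading HKLM works for ordinary users, but the Security log key is often restricted to administrators. A log reporting "Overwrite events as needed" on a production server is the condition the book says to change as soon as the machine is on the network.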

View an Event Log


Select an event log in the
console tree
to display a list of events in the details pane. Recent events are
listed at the top by default, but you can sort by type, date, and
other attributes by clicking on the heading of each column in the
details pane. Sorting by type lets you check for critical (error)
events quickly; sorting by source helps you troubleshoot problems
associated with specific services or devices; sorting by event ID
helps you isolate specific conditions and system activities that
cause problems. These methods help you quickly determine the
frequency and severity of a problem. Use the up or down arrows to
scroll through events and the Copy button to copy the details
of the event to the clipboard so you can paste it into a document or
email message. Note the event ID if you need to contact a Microsoft
support technician. Double-click on a particular event in the details
pane to display more information about the event.

To filter out unwanted events so you can focus on the problem at hand:

Right-click on an event log → Properties → Filter

Note that the filter disappears when you connect to a different
computer.
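The same sort-by-type, sort-by-source and sort-by-event-ID triage done from the command line, as an added example that is not from the book: Get-EventLog pulls the recent Error and Warning entries from a classic log, and Group-Object produces the frequency tables the book has you build by clicking column headings. Unlike an Event Viewer filter, the query is not lost when you point it at another computer; pass -ComputerName to Get-EventLog for a remote host. The function name and the default log, count and time window are my choices.

```powershell
# Added example, not from the book: frequency of Error/Warning events by
# source and by source/event ID, the triage the text describes via column sorting.
function Get-EventLogTriage {
    param(
        [string]$LogName = 'System',
        [int]$Newest = 1000,
        [datetime]$After = (Get-Date).AddDays(-1)
    )
    # EntryType filtering plays the role of "sort by type": only Error and Warning.
    $entries = Get-EventLog -LogName $LogName -EntryType Error, Warning -After $After -Newest $Newest

    # Which service or device is noisiest (the book's "sort by source").
    $bySource = $entries |
        Group-Object -Property Source |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name

    # Which specific condition recurs (the book's "sort by event ID"), keyed by source
    # because event IDs are only unique within a source.
    $byId = $entries |
        Group-Object -Property { '{0} / {1}' -f $_.Source, $_.EventID } |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name

    New-Object PSObject -Property @{
        Log        = $LogName
        Examined   = @($entries).Count
        BySource   = $bySource
        ByEventId  = $byId
    }
}

$triage = Get-EventLogTriage -LogName 'System'
"$($triage.Examined) Error/Warning entries examined in $($triage.Log)"
$triage.BySource  | Format-Table -AutoSize
$triage.ByEventId | Select-Object -First 10 | Format-Table -AutoSize
```

The top rows of the second table are the source/event-ID pairs worth quoting to a support technician, as the text recommends.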

Archive an Event Log

Right-click on an event log → Save Log File As → specify filename and file type

Event logs are located in %SystemRoot%\System32\config. They can be
archived (saved) in one of three formats:

Log-file format (.evt file)

Can be opened and viewed again only in Event Viewer.

Comma-delimited text file (.csv file)

Can be imported into a spreadsheet or database.

Text file (.txt file)

Can be cut and pasted into a Word file or other application.

Use the .evt format if you want to keep the
binary information recorded in events, as this information is
discarded with the other formats. Once a log has been archived, you
can view it again by:

Right-click on Event Viewer node → Open Log File → select an archived log file → specify the type of log → specify a display name if desired → Open
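Archiving from a script rather than the Save Log File As dialog, as an added example that is not from the book: the function below writes a binary .evt backup (the format the text says is the only one that keeps the events' binary data) through the WMI class Win32_NTEventlogFile, exports the same entries to .csv for spreadsheet or database import, and optionally clears the log afterwards, which is the archive-then-clear routine the "Do not overwrite events" mode requires. It assumes an elevated Windows PowerShell session (BackupEventlog needs the backup privilege) and that the archive folder path is a placeholder you supply; the function name is my own.

```powershell
# Added example, not from the book: archive a classic event log to .evt and .csv,
# then optionally clear it. Requires administrator rights; paths are placeholders.
function Backup-ClassicEventLog {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [Parameter(Mandatory = $true)][string]$ArchiveFolder,
        [switch]$Clear
    )
    if (-not (Test-Path -Path $ArchiveFolder)) {
        New-Item -ItemType Directory -Path $ArchiveFolder | Out-Null
    }
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $evtPath = Join-Path -Path $ArchiveFolder -ChildPath "$LogName-$stamp.evt"
    $csvPath = Join-Path -Path $ArchiveFolder -ChildPath "$LogName-$stamp.csv"

    $wmiLog = Get-WmiObject -Class Win32_NTEventlogFile -Filter "LogfileName='$LogName'"
    if (-not $wmiLog) { throw "Event log '$LogName' not found" }

    # Binary backup: the only archive format that preserves event binary data.
    $result = $wmiLog.BackupEventlog($evtPath)
    if ($result.ReturnValue -ne 0) {
        throw "BackupEventlog failed with return code $($result.ReturnValue) (8 = missing backup privilege)"
    }

    # Comma-delimited copy for spreadsheet or database import.
    Get-EventLog -LogName $LogName |
        Select-Object TimeGenerated, EntryType, Source, EventID, UserName, Message |
        Export-Csv -Path $csvPath -NoTypeInformation

    # Clear only after both archives exist, so nothing is lost between the two steps.
    if ($Clear) { $wmiLog.ClearEventlog() | Out-Null }

    New-Object PSObject -Property @{
        Log     = $LogName
        Evt     = $evtPath
        Csv     = $csvPath
        Cleared = [bool]$Clear
    }
}

# Placeholder path; on a "Do not overwrite" Security log add -Clear once the
# backups have been copied off the machine.
Backup-ClassicEventLog -LogName 'Security' -ArchiveFolder 'D:\EventLogArchive'
```

The resulting .evt file is opened exactly as the text describes (Event Viewer node → Open Log File), and the .csv opens in any spreadsheet.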

