I've gone through our group policies, and from what I can see the only thing enabled is Object Access (success and failure); however, we haven't specified any objects to audit. But still there are logs in our security log - why ???!!! Below is an example of one:
Code:
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 04/10/2006
Time: 10:22:43
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security
Object Type: WindowStation
Object Name: \Windows\WindowStations\WinSta0
Handle ID: 40
Operation ID: {1,1596356799}
Process ID: 9392
Image File Name: C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
Primary User Name: SERVER$
Primary Domain: DOMAIN.LOCAL
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Enumerate desktops
Read attributes
Access Clipboard
Create desktop
Write attributes
Access global atoms
Exit windows
Include this windowstation in enumerations
Read screen
Privileges: -
Restricted Sid Count: 0
Access Mask: 0xF037F
I've gone to C:\program files\trend micro\officescan client and there's nothing under Auditing on the security tab - so where is this coming from? Any help would be greatly appreciated.
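Added example, not part of the original post: Python code that parses the Accesses list and the Access Mask from the event above and checks that the mask decodes to the same rights. The function names are hypothetical, chosen for this example; the bit values are the standard and WINSTA_* access-right constants from the Windows SDK headers.

```python
import re

# Bit values from winnt.h (standard rights) and winuser.h (WINSTA_* rights),
# keyed to the wording Event 560 prints for a WindowStation object.
RIGHTS = {
    0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
    0x001: "Enumerate desktops", 0x002: "Read attributes",
    0x004: "Access Clipboard", 0x008: "Create desktop",
    0x010: "Write attributes", 0x020: "Access global atoms",
    0x040: "Exit windows", 0x200: "Read screen",
    0x100: "Include this windowstation in enumerations",
}

# Excerpt of the event description posted above (Accesses through Access Mask).
EVENT = """Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Enumerate desktops
Read attributes
Access Clipboard
Create desktop
Write attributes
Access global atoms
Exit windows
Include this windowstation in enumerations
Read screen
Privileges: -
Restricted Sid Count: 0
Access Mask: 0xF037F"""

def parse_event(text):
    """Return (listed access names, numeric access mask) from a 560 description."""
    block = re.search(r"Accesses:(.*?)\nPrivileges:", text, re.S).group(1)
    listed = [ln.strip() for ln in block.splitlines() if ln.strip()]
    mask = int(re.search(r"Access Mask:\s*(0x[0-9A-Fa-f]+)", text).group(1), 16)
    return listed, mask

def decode_mask(mask):
    """Return (names for the set bits, any bits missing from RIGHTS)."""
    names = [name for bit, name in RIGHTS.items() if mask & bit]
    return names, mask & ~sum(RIGHTS)

def mask_matches_listing(text):
    """True when the Accesses text and the Access Mask describe the same rights."""
    listed, mask = parse_event(text)
    names, unknown = decode_mask(mask)
    return unknown == 0 and sorted(names) == sorted(listed)
```

For this event the mask 0xF037F is the four standard rights (0xF0000) plus every window-station-specific right (0x37F), which is exactly the list printed under Accesses.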