CSA User authentication auditing rule and Policy conflicts
05-09-2009 06:39 AM - edited 02-21-2020 10:23 AM
Hi there
We have CSA 5.2 in our environment and I created a custom policy and added the 'user authentication auditing' rule and enabled auditing failure events on a Windows XP machine, but I don't see any failure attempts in the CSA MC event log even though I tried to log on with invalid passwords. What could be the reason for this?
Secondly, I was wondering what happens when I apply two policies. Are the policy settings added and applied to the group, or does one policy get priority over the other?
Thanks for your answers
Ahmed
05-12-2009 02:05 AM
All rules in all policies that are attached to a group get compared and prioritized by their specificity and action type, so if you attach two policies to a group, CSA will generate a ruleset containing all the individual rules from those policies.
05-13-2009 12:49 PM
Have you checked the security event logs on the machines in question? If there are no events there, CSA cannot report them.
That's where CSA gets the info and by default, there is no account auditing in Windows XP.
You have to enable it either via group or local policy.
Tom
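
One way to confirm the point in the reply above, as an added example that is not part of the original thread: export the machine's local security policy with `secedit /export /cfg policy.inf` and check whether failure auditing is switched on for the logon categories. The function names and both sample templates are constructed for illustration.

```python
# Added example: checks a `secedit /export` security template for logon
# failure auditing. secedit normally writes the file as UTF-16, so read a
# real export with open(path, encoding="utf-16").

FAILURE_BIT = 2  # [Event Audit] values: 0=none, 1=success, 2=failure, 3=both

# The two audit categories that record logon attempts.
LOGON_KEYS = ("AuditLogonEvents", "AuditAccountLogon")

def parse_event_audit(inf_text):
    """Return {setting: int} from the [Event Audit] section of a template."""
    settings, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[event audit]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            try:
                settings[key.strip()] = int(value.strip())
            except ValueError:
                pass  # skip malformed values rather than guess
    return settings

def missing_failure_audit(inf_text):
    """List logon categories whose failure auditing is off or undefined."""
    audit = parse_event_audit(inf_text)
    return [k for k in LOGON_KEYS if not (audit.get(k, 0) & FAILURE_BIT)]

# Constructed samples: auditing disabled, and failure auditing enabled.
SAMPLE_NO_AUDIT = """[Unicode]
Unicode=yes
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
"""
SAMPLE_AUDITED = SAMPLE_NO_AUDIT.replace(
    "AuditLogonEvents = 0", "AuditLogonEvents = 3").replace(
    "AuditAccountLogon = 0", "AuditAccountLogon = 2")

if __name__ == "__main__":
    for name, text in (("no audit", SAMPLE_NO_AUDIT), ("audited", SAMPLE_AUDITED)):
        print(name, "->", missing_failure_audit(text) or "failure auditing enabled")
```

An empty result means Windows will write failed logons to the Security event log, which is where the reply says CSA reads them from.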
