Excessive security events 4624 and 4634

I have a Farm with WFE and SQL. The Farm is set up with least priv accounts. I am faced with a problem that the service account and farm account are showing in the Event Viewer Security logs as Audit Success. However, there are 7000+ for each per hour.
Is there any explanation for this or any way to abate it? I have another Farm where the events do not get recorded at all.
Jeff Tucker Engineer

They log into the server they're running services on. It isn't an interactive login, but either a batch or service login (usually service). This is normal behavior, and configurable via Audit Policy.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Similar Messages

  • OpsMgr EventId 26007 on Domain Controllers "The EventLog service reported that the Security event log on computer ' ' is corrupt."

    Hi,
    We are receiving several eventids '26007' from the OpsMgr log on our Domain Controllers, also eventids '26008' with similar description are logged
    The EventLog service reported that the Security event log on computer '<Domain Controller Computer>' is corrupt. The Windows Event Log Provider will attempt to recover by re-opening log.
    I'll appreciate any suggestion in order to solve this issue.
    Regards.

    I guess this issue is caused by a corrupted event ID 4661 in the security event log.
    Please check if you have many 4661 events in security event log and XML view cannot be viewed.
    Running the below command on DC will disable the auditing of the SAM Object access. This should stop the Event ID 4661 from being logged which should stop the Alert regarding corrupt Event log:
    auditpol /set /subcategory:"SAM" /success:disable /failure:disable
    Regards,

  • How can I turn off Event ID 5156 AND 5145 in the Security Event Log?

    Hi,
    I have a high volume web service. Every time there is a connection from the outside, it logs this in my security event log.
    I want to turn this off.
    How can I stop the logging of event id 5156 on the web server and 5145 on the file server?
    Thanks!
    Dane!

    Hi,
    Thanks for posting in Microsoft TechNet forums.
    The problem can be related to Audit settings. Please check the following threads to see if the information can be useful during the troubleshooting:
    auditing file share on windows 2008 R2
    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/9e633bad-cda6-4ec4-8f04-c01de57ce767
    Event ID 5156 filling up event logs. Probably due to anti-virus software (SEP 11)
    http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/8044fb62-f5ea-45b5-b717-3f6592af77e0
    Regards
    Kevin
    TechNet Subscriber Support

  • Cannot generate Account Logon Events (Event ID 4624) in Security Event Log on Server 2008 R2 Domain Controller

    I have configured the Default Domain Controller's policy to log SUCCESS for Account Logon Events in the Server 2008 R2 Domain Controller, but these events are not logging in the Security Event log.
    Default Domain Controllers Policy
    Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policies/Audit Account Logon Events = Success.
    What tools can I use to troubleshoot this further? The results of "Auditpol.exe /get /category:*" are below.
    System audit policy
    Category/Subcategory                      Setting
    System
      Security System Extension               No Auditing
      System Integrity                        No Auditing
      IPsec Driver                            No Auditing
      Other System Events                     No Auditing
      Security State Change                   No Auditing
    Logon/Logoff
      Logon                                   No Auditing
      Logoff                                  No Auditing
      Account Lockout                         No Auditing
      IPsec Main Mode                         No Auditing
      IPsec Quick Mode                        No Auditing
      IPsec Extended Mode                     No Auditing
      Special Logon                           No Auditing
      Other Logon/Logoff Events               No Auditing
      Network Policy Server                   No Auditing
    Object Access
      File System                             No Auditing
      Registry                                No Auditing
      Kernel Object                           No Auditing
      SAM                                     No Auditing
      Certification Services                  No Auditing
      Application Generated                   No Auditing
      Handle Manipulation                     No Auditing
      File Share                              No Auditing
      Filtering Platform Packet Drop          No Auditing
      Filtering Platform Connection           No Auditing
      Other Object Access Events              No Auditing
      Detailed File Share                     No Auditing
    Privilege Use
      Sensitive Privilege Use                 No Auditing
      Non Sensitive Privilege Use             No Auditing
      Other Privilege Use Events              No Auditing
    Detailed Tracking
      Process Termination                     No Auditing
      DPAPI Activity                          No Auditing
      RPC Events                              No Auditing
      Process Creation                        No Auditing
    Policy Change
      Audit Policy Change                     No Auditing
      Authentication Policy Change            No Auditing
      Authorization Policy Change             No Auditing
      MPSSVC Rule-Level Policy Change         No Auditing
      Filtering Platform Policy Change        No Auditing
      Other Policy Change Events              No Auditing
    Account Management
      User Account Management                 No Auditing
      Computer Account Management             No Auditing
      Security Group Management               No Auditing
      Distribution Group Management           No Auditing
      Application Group Management            No Auditing
      Other Account Management Events         No Auditing
    DS Access
      Directory Service Changes               No Auditing
      Directory Service Replication           No Auditing
      Detailed Directory Service Replication  No Auditing
      Directory Service Access                No Auditing
    Account Logon
      Kerberos Service Ticket Operations      No Auditing
      Other Account Logon Events              No Auditing
      Kerberos Authentication Service         No Auditing
      Credential Validation                   Success

    Hi Lawrence,
    After configuring the GPO, did we run command gpupdate /force to update the policy immediately on domain controller? Besides, please run command gpresult /h c:\gpreport.html to check if the audit policy setting was applied successfully.
    TechNet Subscriber Support
    Best regards,
    Frank Shen

  • Get notification and Alerts for security events

    Hi
    I have LMS3.1 and I need to be notified and alerted of any security issues that may be logged at the routers and switches, such as port security and DHCP SNOOPING DENY events.
    Many thanks.
    Cheers

    There are several methods of doing this.  
    1.  Have you heard of Cisco Notification Service? 
    2.  Have you tried RSS?  
    If you want to receive RSS feeds from Cisco Security Advisories, Responses, and Notices then the RSS address HERE. 
    If you want to receive RSS feeds from Cisco Security  Notices then the RSS address HERE.

  • Exchange security evtx files and connection events

    Does anyone know if the security .evtx files on the Exchange mailbox database servers (2010) would store information about connections from client software (i.e. Outlook)? Trying to determine a way to see when a connection was made by a specific user (Windows 7 PC accessing Exchange via Outlook 2010), and subsequently closed (i.e. when they shut Outlook on their PC). Have some logs from the server on the day but they are a bit overwhelming. Any ideas on specific event IDs to filter the masses of data down to connections?
    There are several hundred mailboxes on this DB server so it's going to be a nightmare to analyze.

    Hello,
    Clients' connectivity logging is not maintained by Security Event Log files. To configure client connectivity you should configure:
    1. For RPC connectivity: http://theucguy.net/rpc-client-access-logging-in-exchange/.
    2. For OWA connections: check %SystemDrive%\inetpub\logs\LogFiles directory.
    Hope it helps,
    Adam
    CodeTwo: Software solutions for Exchange and Office 365

  • Windows Active Session logon state security event viewer

    Hi Team,
    I have a question.
    I have already enabled the audit logging policy from GPO, especially logon/logoff auditing.
    On the server, Event Viewer (Security/Audit Success) displays logoff and logon event IDs: 4634 for logoff and 4624 for logon.
    My questions are:
    1. Why does Event Viewer always show the computer name in the Account Name information for event 4624 (logon)?
    Can I get the user name info from event ID 4624 (logon)?
    2. In event ID 4634 (logoff), the Security ID and Account Name info always show the computer account.
    Can I get the user name too?
    3. What if the active logged-on user never logs off (I mean the user only disconnects from the RDP session)?
    Can I get info from the Security event log about which user is actively remoted to the server?
    Thanks
    Regards :)

    There should be both a computer and a user authentication since both do log onto the domain.
    Even though a user may never log off of a machine they still need to establish a session with other machines for services.  After the initial logon the Kerberos TGT session ticket may be good for the next week (7 days by default) the logs should
    still show all newly established sessions.  You may need to review all DC's within the site of the user not just one DC, since any DC within the site could be providing the service.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Security Events Shows A New User Account Setup By Accessing my Network with a Profile

    Can you tell me, please, if this is the result of a hack?
    Mine is the 1st ID and Name. 
    Subject:
    Security ID: GATEWAY\Angela
    Account Name: Angela
    Account Domain: GATEWAY
    Logon ID: 0x2CBED
    Additional Information:
    Caller Workstation: GATEWAY
    Target Account Name: Administrator
    Target Account Domain: GATEWAY"
    Audit Success 2/5/2014 12:49:45 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.
    Subject:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Audit Success 2/5/2014 12:49:45 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.
    Subject:
    Security ID: SYSTEM
    Account Name: GATEWAY$
    Account Domain: WORKGROUP
    Logon ID: 0x3E7
    Logon Type: 5
    Impersonation Level: Impersonation
    New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Logon GUID: {00000000-0000-0000-0000-000000000000}
    Process Information:
    Process ID: 0x250
    Process Name: C:\Windows\System32\services.exe
    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Advapi  
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    I also suddenly have a 'switch user' on my windows logon screen, have files appearing and disappearing, see someone logging in with a temp profile, then a manual
    profile, then an automatic profile (created from the profile examples given), logons between midnight and 2am, User Profiles Service 3, 4, 1, 5, 67, 5 and 2 over a 5 minute period at 1:10am on 2/3, etc.
    I need to load my husbands PC (I reloaded mine and the problem continued, and need to know how to protect him from this, if necessary.
    How do I proceed?

    Hi,
    Generally speaking, the events you list above just system service or application need to use system resource, then Event Viewer would record their activity. You can use Filter (filter event ID, such as 4624) to check, you will find plenty of events like new
    account logon.
    About your other question, you can access User Management to check your system's current users, and whether any other new user has been created.
    Win+X, choose Computer Management, Local Users and Groups
    Roger Lu
    TechNet Community Support

  • Need Help to extract information from Windows Security Event log

    Hi Everyone,
    My challenge is to create a script that queries the Security event log for event id 4624 , logon type 2 and 10, then export the result to file, hopefully tab limited.
    I need the time - date - User Account - Workstation - IP address - Logon Type.
    I have had a go, checking out other advice from other questions, but i'm just not getting what I want.
    Kind regards,
    Andrew

    A good point to start is get-eventlog with where clauses.
    For example:
    get-eventlog -log security  | where {$_.eventID -eq 4624}
    So you want to get the entire security log, and then filter it client side? (Some of these logs can be massive).
    I would recommend Get-WinEvent with -FilterHashTable (Filter on the left) which will filter against the log directly.
    http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
    You might have admin rights issues accessing the security logs.
    You're right - my answer was only a first step to try "get-command *event" and eventually get-help.....
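
    An added example (not code from any poster on this page) that applies the Get-WinEvent -FilterHashtable advice above to both this export request and the 4624 volume question at the top of the page: it flattens each 4624 record, ranks account and logon-type pairs by count so service (5) and batch (4) logons stand out, then writes logon types 2 and 10 to a tab-delimited file. The function name Get-LogonEvent and the output file name are hypothetical.

```powershell
# Added example, not code from the thread. Run from an elevated session
# (reading the Security log requires administrative rights).

# Logon type numbers as they appear in the "Logon Type" field of event 4624.
$LogonTypeName = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

function Get-LogonEvent {
    # Hypothetical helper: one flat object per 4624 event from the last $Hours hours.
    param([int]$Hours = 1)

    # Filter on the left: the event log service selects by Id and time, so
    # only matching records are handed to PowerShell.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    try {
        $records = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # "No events found" is an empty result, not a failure.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw   # access denied, missing log, and so on
    }

    foreach ($record in $records) {
        # Named fields live in <EventData><Data Name="...">value</Data>.
        $data = @{}
        foreach ($d in ([xml]$record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        $type = [int]$data['LogonType']

        [pscustomobject]@{
            Date        = $record.TimeCreated.ToString('yyyy-MM-dd')
            Time        = $record.TimeCreated.ToString('HH:mm:ss')
            UserAccount = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Workstation = $data['WorkstationName']
            IPAddress   = $data['IpAddress']
            LogonType   = $type
            LogonName   = $LogonTypeName[$type]   # $null for an unlisted type
        }
    }
}

$logons = @(Get-LogonEvent -Hours 1)

# 1) Where is the volume coming from? Service and batch logons by service
#    accounts show up here as a few account/type pairs with very high counts.
$logons |
    Group-Object UserAccount, LogonName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# 2) Interactive (2) and RemoteInteractive (10) logons only, tab-delimited.
#    The output path is a placeholder.
$logons |
    Where-Object { $_.LogonType -in 2, 10 } |
    Select-Object Date, Time, UserAccount, Workstation, IPAddress, LogonType |
    Export-Csv -Path .\logons-type2-10.tsv -Delimiter "`t" -NoTypeInformation
```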

  • Windows Server 2008 R2 Security Event Log Maximum Size

    I have a customer with logging requirements on domain controllers that are exceeding the maximum log size they have configured for the security log.  When they attempted to increase the maximum size of the security event log via Group Policy, the settings
    did not take effect.  When an attempt was made to increase the security event log manually on the domain controller via the properties of the log, an error is generated whenever the value was changed.
    The Maximum Log Size specified is not valid.  It is too large or too small. The Maximum Log Size will be set to the following: 196608 KB
    The 196608 KB value is the value that it is currently set at.  Testing on other logs, application, system, has led to the same result.  
    wevtutil.exe sl security /ms:<n> produces similar results.  There is no error message given but the value doesn't change when you run wevtutil.exe gl security
    When viewing the registry value MaxSize under HKLM\Current Control Set\Services\EventLog\Security the change is reflected, but the log does not seem to get any larger.  
    What one would expect to be a two minute change in a group policy object has turned into something much more difficult.  Any idea what could be causing this?
    Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

    I verified that it was not another policy - the domain is pretty simple without many policies, only policies applied are:
    Default Domain Policy (no event log settings)
    Company Domain Policy (no event log settings)
    Default Domain Controller Policy (no event logs settings)
    Company Domain Controller Policy (...\Event Log\Maximum security log size 4194240 kilobytes)
    The value was 196608 before, the plan was to change the group policy setting to 4194240 and I expected it to be that easy.  However, the values didn't change.
    4194240 is divisible by 64
    Used multiple tools to try and change
    Group Policy
    Event Viewer
    wevtutil.exe
    registry editor
    While some of the methods display a larger event log, the actual size of the event log still seems to be limited to 196608 kb.  
    Thanks,
    Joe
    Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

  • Allow Non-Administrator accounts to create event sources and write to event logs

    We are setting up BizTalk 2013 in Windows Server 2012 and one of the requirements is to allow the service account to create sources and write in event logs (Application) of the BizTalk servers. We have found what it seems to be a simple solution for this
    without giving service accounts local admin rights.
    Give Full control for the following registry keys to the service accounts or groups to allow creating of event sources and write to event logs:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
    Note: when changing permissions for EventLog key, the child keys will inherit the permissions by default except Security key which must be done manually.
    Initial tests using a .net test app seem to work as expected. New event sources are being created in the event logs and writing to the event logs after that works perfectly.
    The above method has been deployed in production and this is the most suitable solution for us.

    Hi Keong6806,
    Thanks a lot for posting and sharing here.
    Do you have any other questions regarding this topic? If not I would change the type as 'Discussion' then.
    Best Regards,
    Elaine

  • Many security events have been identified by the proxy stack.

    On our Lync Edge servers I can see lots of warning events are getting generated every second. Any idea how to stop these events?
    Log Name:      Lync Server
    Source:        LS Protocol Stack
    Date:          3/26/2014 5:40:43 AM
    Event ID:      14425
    Task Category: (1001)
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      servername
    Description:
    Many security events have been identified by the proxy stack.
    In the past 55 seconds, 30 security events have been identified by the proxy stack. A large number of security events could indicate that the server is under attack. The last event was:
    $$begin_record
    LogType: security
    Text: The connection from a remote user client is refused because remote user access is disabled
    Result-Code: 0xc3e93d6d SIPPROXY_E_CONNECTION_EXTERNAL_INTERNET_ACCESS_DISABLED
    Peer-IP: 192.168.10.1:50224
    Peer: 192.168.10.1:50224
    $$end_record
    Cause: The server may be under attack, or there might be a configuration problem that is causing errors.
    Resolution:
    Launch the Lync Server 2010 Logging Tool. Select the "SIPStack" component, the "Errors" level and the TF_SECURITY flag. Review the events reported to the trace log using the "Analyze Log Files" feature of the logging tool.

    Hi,
    What's your Edge NIC and certificate configuration? And the DNS SRV records?
    It may happen because the Lync server does not pass the correct certification authority information back to the Lync client during the negotiation of the TLS connection.
    You can refer to the part “Workaround” in the link below:
    http://support.microsoft.com/kb/2464556
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Using the Audit Provider to log ejb security events

    I would like to use the audit provider to log security events for ejbs that use container managed security. Specifically I want to record the name of the ejb being accessed, the method the user is accessing, the time of the event and the user name of the user who is accessing the ejb. So far I have created an ejb that has method-permissions defined in the ejb-xml file. I have a number of users with different levels of permissions and the security is working. I have also installed the example Audit class that is shipped with weblogic. I am getting Audit info in the log file, but I do not get any ejb info being logged. Is it possible to use the Audit provider that weblogic provides to audit ejb security events? Do I need to do something special to make this work? Please help, I can not find any documentation about what the audit provider logs.

    Actually I never tried to login into the provider, but I understand you just need the keys.
    Try this code, it works for me (some pieces are missing, but this is the core)
        Provider provider = null;
        provider = new SunPKCS11(providerFile);   // providerFile is a String
        Security.addProvider(provider);
        KeyStore store = KeyStore.getInstance("PKCS11");
        char[] pin = pinAsString.toCharArray();
        store.load(null, pin);
        PrivateKey key = (PrivateKey) store.getKey(alias, null);
        Certificate[] chain = store.getCertificateChain(alias);
        .....
    Using this approach I managed to read all the information from the provider (aliases, certificates, ...). I'm not sure that's what you needed, but I hope it helped.

  • What caused the Windows 2008R2 Security event discarded

    Dear Support team,
    I have a Windows 2008 R2 server. The security events have not been recorded since last year.
    1. The maximum log size is set to 100 MB, but the log file is 300 MB.  The retention was set to "archive the log when full, do not overwrite events".
    2.  The last entry in the security log below shows the registry key that I modified at that time. After I modified the registry value, all of the security events were discarded.
    A registry value was modified.
    Subject:
                    Security ID:                              domain\userid
                    Account Name:                        userid
                    Account Domain:                     domain
                    Logon ID:                                0x2c202074
    Object:
                    Object Name:                           \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security
                    Object Value Name: Retention
                    Handle ID:                               0x100
                    Operation Type:                       Existing registry value modified
    Process Information:
                    Process ID:                               0x129c
                    Process Name:                          C:\Windows\regedit.exe
    Change Information:
                    Old Value Type:                       REG_DWORD
                    Old Value:                                0
                    New Value Type:                      REG_DWORD
                    New Value:                              4294967295
    3. As I know, the Windows Event Log supersedes the Event Logging API beginning with the Windows Vista operating system. Here is the KB link:  http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780(v=vs.85).aspx?ppud=4
    And the registry key which I modified before ( \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security\retention ) seems to apply only to Event Logging for Windows 2003 and prior systems.
    Here is the KB link:  http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
    May I know what causes the security events to be discarded?
    Does the retention setting in the registry still work on Windows 2008?
    Thanks very much.
    Randy

    The new methods are via GPO described here.
    http://technet.microsoft.com/en-us/library/cc722385(v=WS.10).aspx
    http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Many security events have been identified - federation disabled error

    We are getting lots of warnings in our event log for Event ID 14425:
    Many security events have been identified by the proxy stack.
    In the past 20 seconds, 30 security events have been identified by the proxy stack. A large number of security events could indicate that the server is under attack. The last event was:
    $$begin_record
    LogType: security
    Text: All federation is disabled
    Result-Code: 0xc3e93d74 SIPPROXY_E_EPROUTING_MSG_FEDERATION_DISABLED
    SIP-Start-Line: SUBSCRIBE sip:[email protected] SIP/2.0
    SIP-Call-ID: 819af7ce193e4deb8db8fd2f14a9df41
    SIP-CSeq: 1 SUBSCRIBE
    $$end_record
    Cause: The server may be under attack, or there might be a configuration problem that is causing errors.
    Resolution:
    Launch the Lync Server 2010 Logging Tool. Select the "SIPStack" component, the "Errors" level and the TF_SECURITY flag. Review the events reported to the trace log using the "Analyze Log Files" feature of the logging tool.
    So we did as the resolution states, and logged the traffic, and we are getting thousands of these types of messages:
    TL_ERROR(TF_SECURITY) [0]05E8.00CC::01/05/2011-15:12:11.015.00000013 (SIPStack,SIPAdminLog::WriteSecurityEvent:SIPAdminLog.cpp(424))$$begin_record
    LogType: security
    Text: All federation is disabled
    Result-Code: 0xc3e93d74 SIPPROXY_E_EPROUTING_MSG_FEDERATION_DISABLED
    SIP-Start-Line: SUBSCRIBE sip:[email protected] SIP/2.0
    SIP-Call-ID: 2249db6d65ac4a11ba9aea022e8fe17c
    SIP-CSeq: 1 SUBSCRIBE
    $$end_record
    If we have Federation disabled, how do I keep all this traffic from hammering my edge server?  What I am assuming it is trying to do is get the presence for every person in every email being sent or received (or read?)
    Thanks,
    Bob

    If you're not going to leverage Lync federation and enable it for your environment, it's probably worth considering the removal of your public SRV record for federation for the sake of tidiness. They won't do you any harm providing that they are indeed genuine
    subscription requests from foreign users.
    Kind regards
    Ben
    Lync | Skype | Blog: Gecko-Studio
