Microsoft Server with McAfee SIEM auditing settings

Hi,
Recently we implemented McAfee Enterprise Security Manager SIEM
to collect all events and logs from all network, servers, Event Viewer and other logs.
I'm looking for the exact configurations that should be made on Microsoft servers to enable auditing and logging to be collected by the SIEM.
Does Microsoft have a standard or a recommendation for each application? If I monitor an application and need to get the maximum logs, what configurations should be made in that app to get them?
I did some research but I didn't get a clear or complete answer.
Server list I have:
Exchange 2010 highly available
Active directory 2008 / 2012
SQL server 2008 / 2012
Hyper-V Servers 2010 / 2012
SharePoint Server 2010
DNS servers 2008
DHCP servers 2008
Thanks

These ones may help. For more info I'd ask in a TechNet/MSDN forum for that specific technology.
https://technet.microsoft.com/en-us/library/dd335144(v=exchg.150).aspx
https://technet.microsoft.com/en-us/library/dn487457.aspx
https://technet.microsoft.com/en-us/library/cc280505(v=sql.105).aspx
https://support.office.microsoft.com/en-us/article/Configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2?CorrelationId=a54f4b90-d3d3-48b1-8d19-8dfaa268e835&ui=en-US&rs=en-US&ad=US
http://blogs.technet.com/b/yuridiogenes/archive/2008/03/06/auditing-a-dns-zone.aspx
https://technet.microsoft.com/en-us/library/cc758251(v=ws.10).aspx
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Similar Messages

  • Microsoft Servers with McAfee SIEM auditing settings

    Hi,
    Recently we implemented McAfee Enterprise Security Manager SIEM
    to collect all events and logs from all network, servers, Event Viewer and other logs.
    I'm looking for the exact configurations that should be made on Microsoft servers to enable auditing and logging to be collected by the SIEM.
    Does Microsoft have a standard or a recommendation for each application? If I monitor an application and need to get the maximum logs, what configurations should be made in that app to get them?
    I did some research but I didn't get a clear or complete answer.
    Server list I have:
    Exchange 2010 highly available
    Active directory 2008 / 2012
    SQL server 2008 / 2012
    Hyper-V Servers 2010 / 2012
    SharePoint Server 2010
    DNS servers 2008
    DHCP servers 2008
    Appreciate support.

    Thanks for updating,
    McAfee provided how to configure and how to integrate,
    but we still need a baseline of which settings should be enabled and which shouldn't, for example the AD audit settings on GPO
    (based on Microsoft recommendation) this recommendation
    McAfee said whatever audit setting and logs I will collect

    I do not know any recommended setting from Microsoft. You may have to experiment on your own.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Static IP-ed server with Airport Extreme 802.11ac

    Howdy, y'all, In support of an app for remote users, we wanna expose a Win server using a static IP from our cable provider. The ISP has provided us with the static IPs, DNS IPs and a gateway IP. At the moment, the Win server is on a subnet routed by our new Airport Extreme 802.11ac receiving a reserved IP. If I configure the Win server with the static IP settings from the ISP, there's no Internet connectivity because the gateway IP is a different subnet. When I connect the Win server directly to the cable modem and bypass the Airport Extreme, the Win server has Internet connectivity. I suspect that I'll hafta use a separate switch between the cable modem and the Airport Extreme for the Win server. I think that we'll then have departmental Wi-Fi routed by the Airport Extreme. Any other suggestions? Thanks much.

    Do you only have a single IP??
    If so you cannot give that IP to the win server.. then you have no other network connection.. or internet from other clients.
    But you can simply put the Win server with a static LAN IP set via DHCP reservations and then set the Win server as the default host.. all packets incoming to the public IP are then passed to the Win Server.
    DHCP reservation on the network tab of the airport utility.
    Default host is under Network options.
    You will still use the AE as main router and set wan to either dhcp which should work fine or the static IP.

  • BPC 7 (Microsoft) installed with incorrect regional settings

    Hello experts
    We have just established that our operating system was installed using the regional setting English (UK) instead of English (US).  The symptom we currently have is that in the Report Library we get an error when sorting by date.  We have been running BPC for around 4 months now and this is the only problem relating to dates that we have noticed.
    We have been advised that the only way to correct this problem is to reinstall the operating system, SQL server and BPC.
    Has anyone else experienced this problem?  Re-installing everything seems like a major undertaking for what appears to be such a small problem.  What other problems are we likely to have in the future if we don't reinstall everything?
    We are running a single server with:
    - Windows 2003 Server R2 Enterprise Edition
    - SQL Server Enterprise 2008
    - BPC 7.0 (Microsoft) SP04
    Any advice gratefully accepted.
    Thanks
    Tamara

    Hi, you don't need to reinstall.
    You just have to do the following steps:
    1. Open Control Panel - Regional and Language Options
    Advanced section - Select English US regional settings and select the check box: "Apply the current settings to default user...."
    Press Apply and OK.
    2. Open the registry editor using the regedit command (in the command line)
    Go to HKEY_USERS - .Default - Control Panel - International and make sure you now have English US settings.
    If you have, then export this key International into a file, US.reg
    Check all keys from HKEY_USERS - S-1-...... - Control Panel - International
    If any of these keys is not English US, then edit US.reg and replace .Default with S-1-....
    for all occurrences.
    This will solve your issue.
    Another solution is to change, for all keys from HKEY_USERS
    .Default - Control Panel - International, all the date formats to be US format, not UK format.
    But this is a more dangerous change and it was not completely tested.
    I suggest the first one, which was tested for other customers.
    I hope this will help you.
    Sorin Radulescu

  • Support configuring PlayBook on a Microsoft VPN with default settings

    We have a Microsoft VPN running at work. I can connect to it from any Windows 7 PC with the default VPN settings. How can I configure the PlayBook to connect to the VPN. I have had no success after trying various settings.

    Can anyone shed some insight into the correct settings - I too am attempting to get a VPN operational against a standard Microsoft Server VPN.
    Is there something that I need to be able to ask IT ? where should I look ?
    When I configure a new win 7 laptop all I need is the URL of the VPN server...

  • Your backup is from a different version of Microsoft SharePoint Foundation and cannot be restored to a server running The backup file should be restored to a server with version '12.0.0.6318' or later.

    I am trying to restore the bak file into a new site collection in my SP 2010 standalone env.
    I am getting an error:
    PS C:\Windows\system32> stsadm -o restore -url http://srvr1-01:123/sites/Repository -filename "C:\mBKUPCOPY\Sharepoint_bankup.bak"
    STSADM.EXE : Your backup is from a different version of Microsoft SharePoint Foundation and cannot be restored to a server running
    the current version. The backup file should be restored to a server with version '12.0.0.6318' or later.
    At line:1 char:1
    + stsadm -o restore -url http://srvr1-01:123/sites/Repository -filename "C: ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Your backup is ...6318' or later.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

    As stated in the other thread on this topic you can't restore a 2007 backup to 2010, it needs to be upgraded.
    https://social.technet.microsoft.com/Forums/en-US/31c70f0a-5d89-4308-895b-af0c2b249114/restore-the-site-collection-from-moss-2007-to-sp-2010-site-collec?forum=sharepointadminprevious

  • Microsoft Server 2008 R2 CA with DMVPN

    Hi,
    I want to use a Microsoft Server 2008 R2 Certificate Authority server with DMVPN instead of a preshared key, so that the certificate server is used when spokes connect to the hub. Can I do it, and if that is possible, what do I need to do?
    Thank you,
    Regards,

    Hi,
    Good to hear that and thanks for your feedback.
    Have a good day!
    Best regards,
    Susie

  • Can I do this with Microsoft Server 2012

    Please can you help. I have a Dell 7610 workstation. My main server is a Netgear NAS rnd2000 which I would like to replace with a Dell T420 server. For that I will need a microsoft server software package. I would like to set it up like this:
    Work off the workstation hard drive. That backs up automatically to the Dell T420 server which I can also access remotely when off site. As added security I would then like the Dell server to automatically back itself up to the old Netgear server which is locked
    in a more secure location.
    Can I do this and which Microsoft product do I need to purchase ? Is it also possible to sync my second back up computer in as well somehow so that I can use either computer and everything is synchronised ?
    Regards,
    John Bowden

    Should be able to do it with out-of-the-box components.  Of course, you will still need whatever Netgear software is required to use their device.  Depending upon how much you want to make automatic, you could go so far as to set up Direct Access
    on the Windows Server and configure your workstation to store its files directly on the Windows Server. When you are connected to the internet, you have access to your files and they are automatically synchronized on the host. When not connected to the network,
    you are working on local file copies.
    Then on the server set up a task that backs up to the Netgear box.
    Again, nothing additional from Microsoft.
    . : | : . : | : . tim

  • IMac isn't loading a specific website (can't connect to that server), regardless of browser, though the same website will load on other computers on same network. Is it an issue with the iMac's settings?

    Our iMac isn't loading a specific website (we get a message saying it can't connect to that specific server), regardless of browser (I've tried it in Chrome, Safari, and Firefox). However, the same website, which is for a major medical provider, loads without any issue on our other computers on the same wireless network. Is it an issue with the iMac's settings? All other websites seem to be loading without issue on the iMac.

    ... Is it an issue with the iMac's settings?
    Possibly. Make sure you are not using a proxy server. Look in Safari Preferences > Advanced > Proxies > "Change Settings..." This will take you to the applicable Network Preferences. Make sure that nothing is selected in the "select a protocol to configure" list. It should look like this:
    Still not working?
    Locate your Terminal app. It is in your Utilities folder. Open Terminal.
    In Terminal, copy (triple-click) and paste the following line:
    osascript -e 'tell application "System Events" to get name of every login item'
    This will produce a list of all your account login items.
    While you are in Terminal, copy (triple-click) and paste the following line:
    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
    This will produce a list of all non-Apple kernel extensions. There will be few, if any.
    Post the results of the above.

  • How to migrate an existing Microsoft SSIS deployment if it is decided to replace SQL Server with an Oracle database?

    Hi Oracle Gurus!
    Currently, I am designing an ETL solution that transforms and loads a lot of data from flat files and sends it to an SQL Server 2008 R2 database for storage. However, at a future point of time, it may be decided to add or even replace SQL Server with an Oracle 11g database.
    Currently, I am writing script transforms in C# to dynamically generate SSIS packages to transform and load the data into SQL Server. But considering that in future, an Oracle 11g or 12c database might be added to, or replace the SQL Server database, how do I make my script transforms (or whatever else I am developing currently for SQL Server) reusable to the extent possible?
    Or more precisely, what steps do I take, from an Oracle point of view, to ensure that any future migration of data to an Oracle database would be smooth to the extent possible?
    Looking up to my Oracle Gurus for enlightenment in this matter!
    Novice Kid

    When you're writing your own C# code to load data into the SQL Server you have to modify the routines so that they will work with Oracle.
    One approach is to use the extproc agent which would allow you to directly call external programs with all the logic in it to perform the load of your files and to put the data into the Oracle database. Another option would be to use utl_file package (or equivalents) which will allow you to open external files from your Oracle database and to directly read its content and then to pass it to the related tables.

  • MicroSoft Content Management Server with WL Portal 10

    Hello,
    Has anyone got experience with integrating MS Content Management Server with the BEA WL Portal 10?
    Do I need to develop a custom SPI?
    Comments, Issues, opinions?
    Best Regards,
    Zarco

    ------- Pallav Tandon wrote on 1/18/05 1:37 PM -------
    Can you elaborate more on the type of integration you are looking for? We have done integration at portlet level, crawler level etc. for MCMS. I can share my experiences if you can provide some direct queries.

    Hi Pallav, we are also contemplating integration of MSCMS 2002 with plumtree. Can you describe what types of integration you have done?
    - Brandt

  • How to link Microsoft server 2012 with my windows app.

    I have created an app which describes my university and I want to link a Microsoft Server 2012 machine so that I can send updates to the app users at any instance of time. I am using JavaScript to code my app .....I am very new so please help!!!!
    Thanks in advance....

    Hi Manojit
    Thank you for posting in the MSDN forum.
    Since the Visual Studio General Forum discusses Visual Studio IDE usage, I'm afraid that it is not the correct forum for this issue.
    To help you find the correct forum, could you please tell us which kind of app you created? Is it a WinForm app or other? What does "Link Microsoft server 2012" mean in your app?
    Thanks for your understanding.
    Best Regards,

  • Problems with Microsoft Server Update Service (WSUS)

    Hi,
    Anyone experienced similar?
    The Microsoft Server Update Service (http://www.microsoft.com/windowsserversystem/updateservices/default.mspx) can be set up to use an ordinary proxy server.
    But it cannot connect through Web Proxy Server 4.0.2. If I shift to a Squid Proxy Server everything is just fine and patches are downloaded right away!
    Seems like a Sun Proxy problem?
    Regards,
    Kasper Løvschall
    BTW: Any news on the release date of version 4.0.3?

    Thanks! Looking forward to the release...
    Regards
    Kasper

  • Command to set modify Advanced Security Settings (Audit Settings for folders) on windows 2008

    Hello,
    We have requirement to modify  Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job.
    I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on number of servers which are not in domain. There are around 15 folders on which I need to enable Auditing; manual editing folder advanced
    permissions is a cumbersome job. Hence, I am looking for a command line options.
    I need to know how command can be utilised to enable Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to
    know the command hence, please do not re-direct me to scripting forum)
    Manually through GUI, I am setting following.. snaps are given below
    Thanks !

    You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Thanks, but I guess auditpol can be used only to manipulate system audit policies. How do I specify a folder and user in auditpol? I could not find or understand how a folder can be included with auditpol command line options.
    Thanks !
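
An added example, not part of the thread above: the per-folder audit entries the question describes setting by hand live in each folder's SACL, which PowerShell can write with Get-Acl and Set-Acl, while auditpol switches on the File System subcategory that lets those entries produce events. The folder paths, the Everyone principal and the audited rights are assumptions for illustration; run it from an elevated prompt.

```powershell
# Added example (not from the thread). Folder list, principal and rights are
# hypothetical; replace them with the folders currently configured by hand.
$Folders   = @('D:\Finance', 'D:\HR\Payroll')       # hypothetical paths
$Principal = 'Everyone'                              # assumption
$Rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

function Add-FolderAuditRule {
    param(
        [string]$Path,
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights
    )

    if (-not (Test-Path -Path $Path -PathType Container)) {
        Write-Warning "Skipping ${Path}: folder not found"
        return $false
    }

    # -Audit loads the SACL; without it Get-Acl returns only owner and DACL.
    $acl = Get-Acl -Path $Path -Audit

    # Apply to this folder, subfolders and files; log successes and failures.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
    $rule    = New-Object System.Security.AccessControl.FileSystemAuditRule `
                   -ArgumentList $Identity, $Rights, $inherit, $prop, $flags

    # AddAuditRule merges with a matching existing entry, so re-running the
    # script does not pile up duplicate audit entries.
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    return $true
}

# SACL entries only generate Security log events once the File System
# subcategory is enabled. The subcategory name is localized on non-English
# systems.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

foreach ($f in $Folders) {
    if (Add-FolderAuditRule -Path $f -Identity $Principal -Rights $Rights) {
        # Read the SACL back so the result can be checked or kept as evidence.
        (Get-Acl -Path $f -Audit).Audit |
            Select-Object @{n='Folder'; e={$f}}, IdentityReference, FileSystemRights, AuditFlags
    }
}
```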

  • Error at RSOP while trying to set Audit settings via GPO

    Hello,
    I've configured Audit Policy via GPO and when I run RSOP on the Server 2008 R2 I get an X with the error "The policy engine did not attempt to configure the setting. For more
    information, see %windir%\security\logs\winlogon.log on the target machine."
    Please help???

    Hi,
    This problem may occur if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled. To resolve this issue, use one of the following methods, as appropriate for your situation.
    Method 1: Disable the policy setting by using Group Policy Object Editor
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
    Method 2: Disable the policy setting by using Registry Editor
    Note: Please back up the registry key before modifying it.
    1. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
    2. Right-click SCENoApplyLegacyAuditPolicy, and then click Modify.
    3. Type 0 in the Value data box, and then click OK.
    Restart the computer after you make the change.
    For more information, please refer to:
    Security auditing settings are not applied to Windows Vista-based and Windows Server 2008-based computers when you deploy a domain-based policy
    http://support.microsoft.com/kb/921468/en-us
    RSOP: the policy engine did not attempt to configure the setting
    http://social.technet.microsoft.com/Forums/en-AU/winserverGP/thread/fde42cfc-bb74-4e11-8b60-c1a3cb5d80ed
    If the problem still continues, please check the %windir%\security\logs\winlogon.log and reply with the information in this log.
    Regards,
    Bruce
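
Method 2 from the reply above as a script, added here as an example and not part of the original answer: it reads SCENoApplyLegacyAuditPolicy, exports the LSA key first as the note advises, and writes 0 only when asked. The function name, the -Fix switch and the backup path are assumptions.

```powershell
# Added example (not from the thread). Function name, -Fix switch and backup
# location are hypothetical. Run from an elevated prompt.
function Test-LegacyAuditOverride {
    param(
        [switch]$Fix,
        [string]$BackupFile = "$env:TEMP\Lsa-backup.reg"
    )

    $key  = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    $name = 'SCENoApplyLegacyAuditPolicy'

    # The value may be absent; treat that separately from an explicit 0.
    $prop  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$name } else { $null }
    $state = if ($null -eq $value) { 'NotSet' }
             elseif ($value -eq 0) { 'Disabled' }
             else                  { 'Enabled' }

    $changed = $false
    if ($Fix -and $state -eq 'Enabled') {
        # Back up the key before modifying it, as the reply recommends.
        reg export 'HKLM\System\CurrentControlSet\Control\Lsa' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Registry backup to $BackupFile failed; nothing changed." }

        Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
        $changed = $true
    }

    New-Object PSObject -Property @{
        Setting        = $name
        StateBefore    = $state          # Enabled = subcategory settings override category policy
        Changed        = $changed
        RestartNeeded  = $changed        # the reply says to restart after the change
        BackupFile     = if ($changed) { $BackupFile } else { $null }
    }
}

# Report only; add -Fix to apply Method 2.
Test-LegacyAuditOverride

# Effective audit policy on this machine, for comparison with the GPO's intent.
auditpol /get /category:*
```

If the value is delivered by the Group Policy setting named in Method 1, change it there; a local registry edit is rewritten at the next policy refresh.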
