106
•
0
to
255
; default value is
5 seconds
In the SCE UI, this appears as a text entry box:
•
A user defined number
•
Not Defined
Potential Impact:
Users will have to enter their passwords to resume their console sessions as soon
as the screen saver activates.
2.8.6.7
Security Log Settings
Security Log Near Capacity Warning: Percentage threshold for the
security event log at which the system will generate a warning
This entry appears as
MSS: Percentage threshold for the security event log at which the system will
generate a warning
in the SCE. Windows Server 2003 and Service Pack 3 for Windows 2000
includes a new feature for generating a security audit in the security event log when the security log
reaches a user-defined threshold. For example, if this value is set to 90, then when the security log
reaches 90 percent of capacity, it will show one event entry for eventID 523 with the following text:
The security event log is 90 percent full.
Note:
This setting will have no effect if the Security Event Log is configured to overwrite events as
needed.
The following registry value entries have been added to the template file to the following registry key:
HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Eventlog\Security\
Subkey Registry Value Entry
Format
Recommended Value (Decimal)
WarningLevel
DWORD
90
Vulnerability:
If the security log fills up, and the computer has not been configured to overwrite
events as needed, then more recent events will not be written to the log. If the log fills up and the
computer has been configured to shut down when it is no longer able to record events to the security
log, then the computer will shut down and no longer be available to provide network services.
Countermeasure:
Configure
MSS: Percentage threshold for the security event log at which the
system will generate a warning
to a value of
90
. The possible values for this registry value are:
•
0
to
100
; default is
0
(no warning event is generated)
In the SCE UI, following list of options is available:
•
50%
•
60%
•
70%
•
80%
•
90%
•
Not Defined
Potential Impact:
This setting will generate an audit event when the audit log reaches the 90-
percent-full threshold unless the security event log is configured to overwrite events as needed.