Security Basics mailing list archives
sec event log question (change to Encrypted Data Recovery Policy)
From: "Portman, Timm" <TPortman () parts-unltd com>
Date: Wed, 16 Oct 2002 14:09:48 -0500
Below is an example of an event I have not seen before, that I can't seem to find much information about. If anyone has any information or resources on this event, I'd really appreciate a schooling. I first noticed this about a week ago on one server that is connected to the internet (a tomcat java server) and occurred right after a reboot of that server. 2 days later, a different server (a sql2k development box) in my domain was rebooted (used by the same developers as the tomcat server) by a tech adding a hard drive, and the same event was recorded. 3 days later, a third box (an IIS/Tomcat Intranet server *tomcat IS exposed to the internet, though on a non-common port) was rebooted and a third instance of this message was recorded. Thanks, -Timm Event Type: Success Audit Event Source: Security Event Category: Policy Change Event ID: 618 Date: 2002/10/15 Time: 08:50:19 User: NT AUTHORITY\SYSTEM Computer: LEMANSSITE Description: Encrypted Data Recovery Policy Changed: Changed By: User Name: <...SNIP...>$ Domain Name: <...SNIP...> Logon ID: (0x0,0x3E7) Changes made: ('--' means no changes, otherwise each change is shown as: <ParameterName>: <new value> (<old value>)) PolEfDat: <binary data> (<binary data>); Timm Portman Senior Network Specialist LeMans Corporation, Janesville, WI (608)758-1111-x5545
Current thread:
- sec event log question (change to Encrypted Data Recovery Policy) Portman, Timm (Oct 17)