Remove From My Forums

Event ID 5139 object moved no corresponding event id on windows 2003

Question
0

Sign in to vote

I have been trying to confirm that Windows 2003 R2 domain controllers will not audit object move events. Windows 2008 DCs monitor by these kind of events with Even ID 5139, but I could not find any corresponding event id for Windows 2003 domain controllers.

Please advise

Friday, September 2, 2011 7:07 PM

Answers

0

Sign in to vote
Yes, windows 2003 doesn't log anything regarding movement of objects in AD but a modification which is more confusing is event 566. Auditing was not that much refined prior to windows 2008. So you are right here, but windows 2008 & above have some really great auditing enhancements.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5136

I have article, where i have stored link for new event id for windows vista/7/2008/2008 R2.

http://awinish.wordpress.com/2011/06/15/auditing-only-auditing/

Regards

Awinish Vishwakarma

MY BLOG: http://awinish.wordpress.com

This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Edited by Awinish Saturday, September 3, 2011 6:29 AM
- Proposed as answer by Elytis Cheng Monday, September 5, 2011 3:00 AM
- Marked as answer by Elytis Cheng Thursday, September 8, 2011 1:15 AM
Saturday, September 3, 2011 6:29 AM
0

Sign in to vote
Hello,

auditing from DA was improved with Windows server 2008 and higher OS so you'll find more options to design detailed auditing:

http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
- Proposed as answer by Elytis Cheng Monday, September 5, 2011 3:00 AM
- Marked as answer by Elytis Cheng Thursday, September 8, 2011 1:15 AM
Sunday, September 4, 2011 7:59 AM

All replies

0

Sign in to vote

Hi,

Yes, there is no corresponding event id 5139 for Windows 2003 domain controllers, There is only one directory service access event, which is identical to the Object Access security event message 566.

Event 566 : A generic object operation took place.

Refer this: http://technet.microsoft.com/en-us/library/cc728087(WS.10).aspx

Regards,
Abhijit Waikar. MCSA|MCSA:Messaging|MCTS|MCITP:SA This posting is provided AS IS with no warranties,and confers no rights.

Friday, September 2, 2011 8:18 PM
0

Sign in to vote
Yes, windows 2003 doesn't log anything regarding movement of objects in AD but a modification which is more confusing is event 566. Auditing was not that much refined prior to windows 2008. So you are right here, but windows 2008 & above have some really great auditing enhancements.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5136

I have article, where i have stored link for new event id for windows vista/7/2008/2008 R2.

http://awinish.wordpress.com/2011/06/15/auditing-only-auditing/

Regards

Awinish Vishwakarma

MY BLOG: http://awinish.wordpress.com

This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Edited by Awinish Saturday, September 3, 2011 6:29 AM
- Proposed as answer by Elytis Cheng Monday, September 5, 2011 3:00 AM
- Marked as answer by Elytis Cheng Thursday, September 8, 2011 1:15 AM
Saturday, September 3, 2011 6:29 AM
0

Sign in to vote
Hello,

auditing from DA was improved with Windows server 2008 and higher OS so you'll find more options to design detailed auditing:

http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
- Proposed as answer by Elytis Cheng Monday, September 5, 2011 3:00 AM
- Marked as answer by Elytis Cheng Thursday, September 8, 2011 1:15 AM
Sunday, September 4, 2011 7:59 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Event ID 5139 object moved no corresponding event id on windows 2003

Question

Answers

All replies