Crash on Audit Failure
CrashOnAuditFail, or "Audit: Shut down system immediately if unable to log security audits" in Group Policy, halts the system with a stop error whenever it cannot write a security event, most commonly because the Security log is full. It exists for environments, such as military intelligence, that would rather lose availability than lose a single audit record, and it should not be used on the vast majority of systems. It also has an awkward recovery path: after the crash, the OS sets the CrashOnAuditFail value (under HKLM\SYSTEM\CurrentControlSet\Control\Lsa) to 2, which allows only administrators to log on until an administrator clears the Security log and resets the value. Instead, use the feature built into the OS to warn an administrator when the Security log reaches a given percentage of capacity (the WarningLevel value under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security) and then archive the log. Better yet, get an event log collection system and use it to archive event logs. By the time you read this, Microsoft will hopefully have released its Audit Collection System (ACS), which provides this functionality.
Disable Cached Credentials
Many of the security guides out there recommend disabling cached credentials on all machines, that is, setting "Interactive logon: Number of previous logons to cache" (the CachedLogonsCount value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) to 0. Consider this carefully, especially on laptops. There is no real problem with disabling them on servers and desktops that are always connected to the domain. If you disable them on laptops, however, you break domain logon whenever the machine is disconnected from the domain, so users have to log on with a local account instead. Not only does this make them irate because their resources no longer show up, but in most cases we have seen, they use the local Administrator account, which degrades security, assuming (as we hope) that their domain account is not a local administrator. (It isn't, is it?) Even if they use a local non-admin account, the chance that they reuse their domain password for it is significant, which exposes that password far more than cached credentials would. Be careful about where you apply this setting.
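The two cautions above usually arrive as lines in a secedit/Group Policy security template (.inf), the format hardening guides ship their tweaks in. The following linter is an added example written for this page, not code from the original book or from Microsoft: it reads the [Registry Values] section of such a template, flags CrashOnAuditFail and CachedLogonsCount=0 according to the machine's role, and rewrites the template to the safer values, adding a WarningLevel entry so the Security log warns before it fills. The registry paths are the ones the Group Policy settings map to; the sample template, the role names, the function names and the 90 percent threshold are constructed for this example.

```python
"""Lint a secedit / Group Policy security template (.inf) for two "caution
list" tweaks: CrashOnAuditFail and CachedLogonsCount=0 (example code, not the
book's). The registry paths are real; the template, role names and threshold
are choices made for this example."""

import re
from typing import Dict, List, Tuple

# Constructed sample: the part of a hardening template that applies both tweaks.
# secedit writes "path=type,data"; type 4 is REG_DWORD, type 1 is REG_SZ (quoted).
SAMPLE_TEMPLATE = """\
[Version]
signature="$CHICAGO$"
Revision=1

[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\CrashOnAuditFail=4,1
MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\CachedLogonsCount=1,"0"
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\NoLMHash=4,1
"""

CRASH_ON_AUDIT_FAIL = r"MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail"
CACHED_LOGONS_COUNT = r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount"
# Percent-full threshold at which the OS logs a "Security log nearly full" warning.
WARNING_LEVEL = r"MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel"
DEFAULT_CACHED_LOGONS = "10"   # the OS default
WARNING_LEVEL_PERCENT = "90"   # example threshold, an assumption of this example

LINE_RE = re.compile(r"^(?P<path>[^=]+)=(?P<type>\d+),(?P<data>.*)$")


def parse_registry_values(text: str) -> Dict[str, Tuple[int, str]]:
    """Map registry path -> (type, data) from the [Registry Values] section.
    Paths are lower-cased because the registry is case-insensitive."""
    values: Dict[str, Tuple[int, str]] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "registry values"
            continue
        m = LINE_RE.match(line) if in_section else None
        if m:
            values[m["path"].strip().lower()] = (int(m["type"]), m["data"].strip().strip('"'))
    return values


def lint(text: str, role: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings. role is 'server', 'desktop' or 'laptop'."""
    values = parse_registry_values(text)
    findings: List[Tuple[str, str]] = []

    crash = values.get(CRASH_ON_AUDIT_FAIL.lower())
    # 2 is what the OS itself writes after a crash (admin-only logon); any non-zero is "on".
    if crash and crash[1] != "0":
        findings.append(("error", "CrashOnAuditFail=%s: host halts when the Security log is full; "
                                  "set 0 and collect/archive logs instead" % crash[1]))
    if WARNING_LEVEL.lower() not in values:
        findings.append(("warn", "WarningLevel not set: no warning event before the Security log fills"))

    cached = values.get(CACHED_LOGONS_COUNT.lower())
    if cached and cached[1] == "0":
        if role == "laptop":
            findings.append(("error", "CachedLogonsCount=0 on a laptop: domain logon fails off-network, "
                                      "users fall back to local accounts"))
        else:
            findings.append(("ok", "CachedLogonsCount=0 is acceptable on an always-connected %s" % role))
    return findings


def rewrite_for_role(text: str, role: str) -> str:
    """Return the template with the two tweaks corrected for the role and a
    WarningLevel entry added to [Registry Values] if missing. Other lines are untouched."""
    out: List[str] = []
    in_section = False
    last_rv = -1           # index in out of the last [Registry Values] line
    seen_warning = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "registry values"
            out.append(raw)
            if in_section:
                last_rv = len(out) - 1
            continue
        m = LINE_RE.match(line) if in_section else None
        path = m["path"].strip().lower() if m else None
        if path == CRASH_ON_AUDIT_FAIL.lower():
            out.append(CRASH_ON_AUDIT_FAIL + "=4,0")
        elif path == CACHED_LOGONS_COUNT.lower() and role == "laptop":
            out.append(CACHED_LOGONS_COUNT + '=1,"%s"' % DEFAULT_CACHED_LOGONS)
        else:
            seen_warning = seen_warning or path == WARNING_LEVEL.lower()
            out.append(raw)
        if m:
            last_rv = len(out) - 1
    if not seen_warning:
        if last_rv < 0:
            out.append("[Registry Values]")
            last_rv = len(out) - 1
        out.insert(last_rv + 1, WARNING_LEVEL + "=4," + WARNING_LEVEL_PERCENT)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for role in ("laptop", "server"):
        print(role, lint(SAMPLE_TEMPLATE, role))
    print(rewrite_for_role(SAMPLE_TEMPLATE, "laptop"))
```

The rewrite leaves every other line of the template alone (the NoLMHash entry in the sample survives), so it can be run over a guide's template before import and the result compared against a live machine with secedit /analyze. On a server or desktop the linter reports CachedLogonsCount=0 as acceptable and only CrashOnAuditFail is corrected.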
In this tutorial:
- Protecting Hosts
- Security Configuration Myths
- Myth 1: Security Guides Make Your System Secure
- Myth 2: If We Hide It, They Won't Find It
- Myth 3: The More Tweaks, the Better
- Myth 4: Tweaks Are Necessary
- Myth 5: All Environments Should At Least Use <Insert Favorite Guide Here>
- Myth 6: "High Security" Is an End Goal for All Environments
- Myth 7: Start Securing Your Environment by Applying a Security Guide
- Myth 8: Security Tweaks Can Fix Physical Security Problems
- Myth 9: Security Tweaks Will Stop Worms/Viruses
- Myth 10: An Expert Recommended This Tweak as Defense in Depth
- Server Security Tweaks
- Software Restriction Policies
- Do Not Store LAN Manager Hash Value
- Anonymous Restrictions
- Security Identifiers (SIDs)
- Password Policies
- SMB Message Signing
- Networking LAN Manager Authentication Level
- TCP Hardening
- Restricted Groups
- Audit Settings
- Client Security Tweaks
- Firewalls
- IPsec Filters
- SafeDllSearchMode
- Local Administrator Account Control
- Limit Local Account Use of Blank Passwords to Console Logon Only
- Logon Events
- Allowed to Format and Eject Removable Media
- The Caution List: Changes You Should Not Make
- Crash on Audit Failure
- Clear Virtual Memory Page File
- Security Configuration Tools