Security Basics mailing list archives
Auditing in WinXP
From: "Hyperion" <nemesis () croasdalepreston fsnet co uk>
Date: Wed, 25 Jun 2003 20:38:20 +0100
Hello all I am fairly new to the security lark, but have taken a great interest in all aspects of it, and as a result I am reading up furiously on as many papers, Ebooks, RW Text Books, text files, and online magazines as I can possibly get my hands on :) As you can imagine however, there is a shed load information I knead to get to know, and after only reading my fist few books/text I have a zillion and one questions to ask heh :) What I would like to ask today however is, on my WinXP Pro System, which is basically my pc my workstation/workhorse, I have as a result of reading a few books took to setting my Auditing to on most things via my Admin tools Local Security Policy, and I would like to know were I can view any of the Auditing that's taking place. I will explain further. In the Local Security Settings window, you have the Local Policies/Audit Policies/User Rights Assignment/Security Options. Well In the Audit Policy I have set various settings like Audit account logon events, to Success, Failure. But I don't no were to view any of the Audited logs that would show any failed login attempts and so on. Is it simply in the Event Viewer? and if so How do I go about making sense of these events? I see plenty of event type 593 and 578, 592, 600 and so on, but I gain little information about what that process was, and so I can't judge whether the event was a security risk or just a system process. If any of that makes sense to anyone and you reply, I thank you for your reply :) My Regards --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Auditing in WinXP Hyperion (Jun 26)
- <Possible follow-ups>
- re: Auditing in WinXP Harlan Carvey (Jun 27)