Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Auditing in WinXP

From: "Hyperion" <nemesis () croasdalepreston fsnet co uk>
Date: Wed, 25 Jun 2003 20:38:20 +0100
Hello all

 I am fairly new to the security lark, but have taken a great interest in
all aspects of it, and as a result I am reading up furiously on as many
papers, Ebooks, RW Text Books, text files, and online magazines as I can
possibly get my hands on :)

 As you can imagine however, there is a shed load information I knead to get
to know, and after only reading my fist few books/text I have a zillion and
one questions to ask heh :)

 What I would like to ask today however is, on my WinXP Pro System, which is
basically my pc my workstation/workhorse, I have as a result of reading a
few books took to setting my Auditing to on most things via my Admin tools
Local Security Policy, and I would like to know were I can view any of the
Auditing that's taking place. I will explain further.

 In the Local Security Settings window, you have the Local Policies/Audit
Policies/User Rights Assignment/Security Options.
 Well In the Audit Policy I have set various settings like Audit account
logon events, to Success, Failure.
 But I don't no were to view any of the Audited logs that would show any
failed login attempts and so on.
 Is it simply in the Event Viewer? and if so How do I go about making sense
of these events? I see plenty of event type 593 and 578, 592, 600 and so on,
but I gain little information about what that process was, and so I can't
judge whether the event was a security risk or just a system process.

If any of that makes sense to anyone and you reply, I thank you for your
reply :)

My Regards




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: