No entries in Security Event Log

[Guest]

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin (More info?)

I run XP Pro + all patches (except SP2). I do not use ICF.

I have never seen an entry in the Security Event Log.

Do I need to set something to enable logging?

 

[Guest]

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin (More info?)

Hi Alex,

> I have never seen an entry in the Security Event Log.
>
> Do I need to set something to enable logging?

Go to Administrative Tools / Local Security Policy.
In the treeview, open the Local Policies Node and Audit Policy nodes.
In the right-hand side audit policies pane, you can now set succes and/or
failure auditing for different categories of auditable events, by
double-clicking on each of those categories.

Cheers,
Jan.

 

[Guest]

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin (More info?)

> > "Alex Coleman" <coalie@nomail.com> wrote in message
> > news:96D174842EAB631E75@66.250.146.159...
> >
> > I have never seen an entry in the Security Event Log.
> > Do I need to set something to enable logging?
>
>
> "Jan Spooren" <jspooren@nospam.nospam> wrote in
> message news:%23X5A5rRuFHA.3756@tk2msftngp13.phx.gbl...
>
> Go to Administrative Tools / Local Security Policy.
> In the treeview, open the Local Policies Node and Audit Policy nodes.
> In the right-hand side audit policies pane, you can now set succes and/or
> failure auditing for different categories of auditable events, by
> double-clicking on each of those categories.



Please note, you won't want to set an action for every event. I recommend
installing Microsoft Baseline Security Analyzer (MBSA) and performing a
scan of your machine. It will recommend which events to log as a good
security baseline.

MBSA can be found at http://www.microsoft.com/mbsa


--
AZC
MVP