Re: log file how to?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/04/04 

Date: Fri, 04 Jun 2004 14:14:58 GMT

You can enable auditing on your computers however for what you would want to do you
would need to audit everything and then enable auditing on all folders on the
computer which is not practical as it would generate thousands and thousands of
events in the security log and substantially decrease computer performance. I would
start at enabling of logon events , account management, and object access. The enable
auditing of just sensitive folders and possible the executable files of programs you
want to monitor. You can also audit process tracking, but a gain you will generate a
lot of events. The trick to auditing is to just audit enough to get the info you
ant - not everything. You can use filter view in Event Viewer to look for certain
events in the security log and use Event Comb to scan the logs of multiple computers.
The link below should be helpful. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

"aken" <anonymous@discussions.microsoft.com> wrote in message
news:284C2E45-0D58-42E3-9CE4-648FB615D841@microsoft.com...
> hi,
> as a system administrator, i would like to view all the details partaining to login
issues like who all have logged in, what did they work upon, their login timings,
what files they have browsed etc etc... what ever an administrator would think upon
as security measures. this datas must be automatically stored rather then myself
manually saving the
> files.
>
> how can this be done. we have win2k server and win Xp as clients and is domian
environment.
>
> any suggestion
> aken

Relevant Pages

  • Re: [Question] Audit Share
    ... You can enable auditing of object access and then enable auditing of folders/files, ... however a lot of events will be generated in the security log. ... > Is it possible to audit the Share. ...
    (microsoft.public.win2000.security)
  • Re: Audit and applications execution
    ... You can enable auditing of object access and then set auditing of the executable ... of groups or users to audit instead of everyone to keep events generated down. ... want to substantially increase the size of the security log from default. ... > was used - opening and closing time. ...
    (microsoft.public.win2000.security)
  • "Enter Network Password" popup on all IE pages
    ... It has started appearing on other computers. ... >computer is set to audit all events even though the ... >workstation, installed a new user and the problem still ... >>domain workstation accounts. ...
    (microsoft.public.win2000.group_policy)
  • Re: How to change a color of a shape when it meets a condition
    ... Currently managing a site with over 350 computers at that site alone... ... layer 1 - Floor Plan.... ... My question is...there is an "Audit date" property that records the ... Are there any Free "Online" sites that would help in VBA code for Visio ...
    (microsoft.public.visio.developer)
  • Re: How can determine version of Office
    ... files to show the version of Office 2003 in your computers so that you can ... Since you have a program to audit your particular files, ... To determine whether the service pack is installed, ... Microsoft Online Partner Support ...
    (microsoft.public.office.setup)