Re: Event viewer/security log




In O7ZormBBGHA.272@xxxxxxxxxxxxxxxxxxxx Thomas Wendell wrote:
> Need help again...
>
> I understood that XPhome does not have any audit on
> success/failure in events
> But now my security log in event viewer just gets filled up
> with events 515 and 517 (at least, I just emptied it)
>
> How to stop it??
>
>
> (On my XPpro the security log has been empty since
> installing some 2 years ago (and reinstalling 2 months ago))
>
>
>
> --
> =================================
> Most learned on these newsgroups
> Tumppi, Helsinki, FINLAND
> (translations from/to fi not always accurate
> =================================

Thomas,

XP Home Edition records a number of different events to the
Security log by default.
I believe you'll find entries for the following categories:
Account Logon, Logon/Logoff, System Events, Policy Change and
Privilege Use. I've read that you can use a tool from the
Windows 2000 Server Resource Kit, auditpol.exe, to disable this
feature. I've never tried the procedure so I cannot comment on
how it works. Personally, I can't think of a reason why I'd
want to disable Security logging. I consider it a useful tool.

As you've noted, auditing of these events has to be enabled on
an XP Professional system through the Local Security Policy.
You're also able to audit more events in XP Pro. The Object
Access category is one that is only available in XP Pro.

If you're looking for more info on a particular Event ID, you
might want to visit this web site:

Windows Security Log Encyclopedia
http://www.ultimatewindowssecurity.com/encyclopedia.html

Microsoft provides some information in Appendix E of the XP
Resource Kit. Click on each section of the appendix to view a
description of many of the event IDs.

Appendix E Security Event Messages:
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnf_msg_efgd.asp

If none of the above information answers your question, post
back with more details on exactly what you're trying to have
clarified.

Good luck

Nepatsfan


