MCTS to MCITP , 70-351 , 70-089 , 70-236 , 70-640 , 70-642 , 70-646 , 70-630 , 70-285 , 83-640: Enable Security Log for Monitoring Logon

Thursday, June 10, 2010

Enable Security Log for Monitoring Logon

Securing Domain/system is a hot topic now a days and a challeging task for System Administrators.One of the most important issue is to keep track of the Users logon on Machine which enables Admins to keep track of Access to Permitted/Denied Users.
Windows Comes up with a great utility to Monitor such Tasks on Domain as well as on Local.
I have Prepared this Article for System Admins to Use this Excellent Utility.


Procedure :
First you need to enable the Security login in Administrative Tools ( Enabled by Default in Windows 2003 Server )

For Windows XP :
Open  Control Panel :














Click Administrative Tools :


























Click Local Security Policy:






















Under Local Policies click Audit Policy , then open audit account logon events






















Check Mark the “Success” Event under Audit these Attempts ( You can Also check mark “Failure”)





















Also u need to Check Mark “Audit Logon Events”





















Check Mark the “Success” Event under Audit these Attempts ( You can Also check mark “Failure”)






















For Windows Server 2003 :
Open Administrative Tools à Local Security Policy





















Rest of the Procedure is the Same as Windows XP.

Verification :
Goto à Administative Tools à Event Viewer





















Goto à Security à Success Audit




















Check this Log Info for Verification :

























Procedure is the Same for Windows XP.

User Login Information can be seen using the following path :
Goto Event Viewer and Browse Security :
Security Log Files Path : C:\WINDOWS\System32\config\SecEvent.Evt


Cheers !

Copyright : Himayat Ullah Khan









No comments:

Post a Comment

Use full comments are highly appreciable.

Please do not post irrelevant Messages.

Thanks.

Note: Only a member of this blog may post a comment.