Enabling auditing on a single Windows 2000 machine

Enabling auditing on a single Windows 2000 machine

The Windows 2000 default audit policy disables each audit category, so the security log will remain empty on a newly installed system. For GFI LANguard S.E.L.M. to retrieve meaningful security events, you must enable auditing.

NOTE : Local security settings are overridden by the domain global security policy settings.

You can enable auditing for all server and workstation machines on a network basis (for a description how to do this see the next section). You can also do this on a per machine basis. Here's how;

1. From the taskbar, go to Administrative tools > Local Security Policy. This opens up the local security settings.

Local security policy app

2. Go to the Security settings > Local policies > Audit policy node. This node allows you to configure what to audit. Note that in the screen shot, the local audit policies are being overridden by the network audit policies.

3. Now double-click on 'Audit account logon events' and select Success, Failure. Repeat the same procedure for 'Audit logon events'. Windows 2000 will now start logging all logon events. NOTE : on some systems a reboot may be required.

Auditing success and failure of logon events

© 2008. All rights reserved. GFI Software Home Products Download Trials Support Ordering Site Map About Us Contact us

GFI solutions: anti spam - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software

© 2008. All rights reserved. GFI Software	Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: anti spam - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software