Enabling auditing on a Windows NT machine

Enabling auditing on a Windows NT machine

By default auditing is disabled on newly installed Windows NT machine. For GFI LANguard S.E.L.M. to retrieve meaningful security events, you must enable auditing. To be able to enable auditing, you need to be logged in as an administrative user (one in the Administrators group). To enable auditing:

1. From the Start menu, select Programs >Administrative Tools > User Manager.

2. From the User Manager Policies menu, select Audit. This brings up the Audit Policy dialog.

The Audit policy dialog

3. Now enable "Audit These Events" option and enable these audit events.

Enable all of the events in the Failure column.

Enable those in the Success column for the following events:

Logon and Logoff

User and Group Management

Security Policy Changes

Restart, Shutdown, and System

4. Select OK to accept the Audit Policy. Now all corresponding events will be written to the event log and will be retrieved by GFI LANguard S.E.L.M. The new Audit Policy settings will remain in effect until a user in the Administrators group changes them.

© 2008. All rights reserved. GFI Software Home Products Download Trials Support Ordering Site Map About Us Contact us

GFI solutions: anti spam - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software

© 2008. All rights reserved. GFI Software	Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: anti spam - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software