Introduction GFI LANguard S.E.L.M. uses inbuilt rules tables to determine what makes up a critical, high, medium or low security event. It does this based on the Windows NT/2000 event ID, the specified operational time of the computer and its security level. These 3 factors result in a particular level of security alert. In addition, GFI LANguard S.E.L.M. has 6 different rule tables, one for each type of operating system: Windows NT 4 workstation, Windows NT4 server, Windows NT 4 domain controllers, Windows 2000 Professional, Windows 2000 Server and Windows 2000 domain controllers. This allows GFI LANguard S.E.L.M. to treat events different depending on the role of the computer.