Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Event Viewer for Security not logging

Posted on 2006-10-24
9
Medium Priority
?
691 Views
Last Modified: 2013-12-04
On my Windows XP Laptop, in the properties of Event Viewer > Security, I have all the event types checked and yet nothing is logged except one event from February. I even attempted to logon using the wrong password, but no events are logged.

Can someone tell me how I get it to log properly again?
0
Comment
Question by:Ryman1
  • 5
  • 4
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 750 total points
ID: 17798364
Details from "Eagle6990"

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on Audit Object Access.
Close Group Policy.

Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.

Now you can check your security logs to see the auditing logs from this point foward.
0
 

Author Comment

by:Ryman1
ID: 17801374
Okay, this is progress. However, I added and removed my computer from a Domain and it it left Domain Polcies in place. When I do what you say, it says:

"The group policy settings that apply to this machine could not be determined."

How can I reset all of these policies to the windows XP default?
0
 
LVL 38

Expert Comment

by:younghv
ID: 17801927
Ryman1,
A couple of comments. When you asked about "my Windows XP Laptop", there was not mention of a Domain.
If you're on a Domain, then the audit policies should be configured by your Domain Administrator.

The 'Default' policies are 'Not Configured'.

Go back in to Gpedit.msc and change all the settings to 'Not Configured'.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Ryman1
ID: 17871209
younghv,

As I mentioned, I'm not on a domain. I mistakenly added it, but immediately removed it from the domain, but the security policies from the domain are still in place - even though I don't get prompted to logon the domain.

I guess what I'm asking is, how do I return all of my policies back to the default. For example, I can no longer see an HTML email unless I explicitly accept it - otherwise, it comes in plain text.

Thanks in advance!
0
 
LVL 38

Expert Comment

by:younghv
ID: 17871315
Ryman1,
The most direct way for you to do that is to go into gpedit.msc (Start - Run - gpedit.msc) return.
Go down through all of the folders and either change the settings to 'Not Configured' - or configure them as you want them.

Post back if you have questions - I'm often crystal clear to myself and clear as mud to others.


Vic
0
 

Author Comment

by:Ryman1
ID: 17871369
When I try to select a folder, it says:

"The Group Policy security settings that apply to this machine could not be determined."

It's a fairly new laptop.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 750 total points
ID: 17871422
Don't think I've seen that before.
When I go to:
Local Computer Policy
 Computer Configuration
 Windows Settings
  Security Settings
    Local Policies
     Audit Policy      

I have 9 different Audit settings I can configure.

What do you get?
0
 

Author Comment

by:Ryman1
ID: 18470667
Well, I just finished a re-installation - I needed it for a variety of reasons.

Anyhow, I am now trying the step you mentioned in your first post. I  completed the first part, but need some additional info on part 2. Specifically, where is this shared folder?

Thanks again!

<you said>
Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.
<end you said - not sure how to format your posts - help?>
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 750 total points
ID: 18475789
That post was for a specific 'Shared Folder' on a Server (I believe) where someone wanted to monitor who was accessing it.

If you have done this:

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on (ANY FUNCTION/ACTION YOU WANT TO AUDIT).
Close Group Policy.

Your audits should be in place.

Go ahead and try it, then look in your Security log for all the activity that your account has generated.

Vic
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question