Solved

Event Viewer for Security not logging

Posted on 2006-10-24
Last Modified: 2013-12-04
On my Windows XP Laptop, in the properties of Event Viewer > Security, I have all the event types checked and yet nothing is logged except one event from February. I even attempted to logon using the wrong password, but no events are logged.

Can someone tell me how I get it to log properly again?
Question by:Ryman1
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17798364
Details from "Eagle6990"

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on Audit Object Access.
Close Group Policy.

Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.

Now you can check your security logs to see the auditing logs from this point forward.
0
 

Author Comment

by:Ryman1
ID: 17801374
Okay, this is progress. However, I added and removed my computer from a Domain and it left Domain Policies in place. When I do what you say, it says:

"The group policy settings that apply to this machine could not be determined."

How can I reset all of these policies to the windows XP default?
0
 
LVL 38

Expert Comment

by:younghv
ID: 17801927
Ryman1,
A couple of comments. When you asked about "my Windows XP Laptop", there was no mention of a Domain.
If you're on a Domain, then the audit policies should be configured by your Domain Administrator.

The 'Default' policies are 'Not Configured'.

Go back in to Gpedit.msc and change all the settings to 'Not Configured'.
0
 

Author Comment

by:Ryman1
ID: 17871209
younghv,

As I mentioned, I'm not on a domain. I mistakenly added it, but immediately removed it from the domain, but the security policies from the domain are still in place - even though I don't get prompted to logon the domain.

I guess what I'm asking is, how do I return all of my policies back to the default. For example, I can no longer see an HTML email unless I explicitly accept it - otherwise, it comes in plain text.

Thanks in advance!
0
 
LVL 38

Expert Comment

by:younghv
ID: 17871315
Ryman1,
The most direct way for you to do that is to go into gpedit.msc (Start - Run - gpedit.msc) return.
Go down through all of the folders and either change the settings to 'Not Configured' - or configure them as you want them.

Post back if you have questions - I'm often crystal clear to myself and clear as mud to others.


Vic
0
 

Author Comment

by:Ryman1
ID: 17871369
When I try to select a folder, it says:

"The Group Policy security settings that apply to this machine could not be determined."

It's a fairly new laptop.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 17871422
Don't think I've seen that before.
When I go to:
Local Computer Policy
 Computer Configuration
 Windows Settings
  Security Settings
    Local Policies
     Audit Policy      

I have 9 different Audit settings I can configure.

What do you get?
0
 

Author Comment

by:Ryman1
ID: 18470667
Well, I just finished a re-installation - I needed it for a variety of reasons.

Anyhow, I am now trying the step you mentioned in your first post. I  completed the first part, but need some additional info on part 2. Specifically, where is this shared folder?

Thanks again!

<you said>
Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.
<end you said - not sure how to format your posts - help?>
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 18475789
That post was for a specific 'Shared Folder' on a Server (I believe) where someone wanted to monitor who was accessing it.

If you have done this:

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on (ANY FUNCTION/ACTION YOU WANT TO AUDIT).
Close Group Policy.

Your audits should be in place.

Go ahead and try it, then look in your Security log for all the activity that your account has generated.

Vic
0
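An added example, not part of any post in this thread: the nine Audit Policy settings discussed above can also be read from a policy export made with `secedit /export /cfg <file>`, which shows which categories will never write to the Security log. The sample export below is constructed and the function names are this example's own.

```python
import configparser

# The nine Audit Policy categories, keyed by their names in the
# [Event Audit] section of a secedit export.
CATEGORIES = {
    "AuditSystemEvents": "Audit system events",
    "AuditLogonEvents": "Audit logon events",  # failed local logons land here
    "AuditObjectAccess": "Audit object access",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditPolicyChange": "Audit policy change",
    "AuditAccountManage": "Audit account management",
    "AuditProcessTracking": "Audit process tracking",
    "AuditDSAccess": "Audit directory service access",
    "AuditAccountLogon": "Audit account logon events",
}
# Value encoding used in the export.
FLAGS = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

def decode_export(raw):
    """secedit writes UTF-16 with a BOM; hand-edited copies may be ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")

def audit_settings(raw):
    """Map each category's display name to its setting."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the export
    cp.read_string(decode_export(raw))
    section = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    result = {}
    for key, name in CATEGORIES.items():
        value = section.get(key)
        result[name] = "Not defined" if value is None else FLAGS.get(int(value), "Unknown")
    return result

def silent_categories(raw):
    """Categories that will never write to the Security log."""
    return [n for n, v in audit_settings(raw).items()
            if v in ("No auditing", "Not defined")]

# Constructed sample export (not taken from the thread).
SAMPLE = "\r\n".join([
    "[Unicode]", "Unicode=yes", "[Event Audit]",
    "AuditSystemEvents = 0", "AuditLogonEvents = 0", "AuditObjectAccess = 3",
    "AuditPrivilegeUse = 0", "AuditPolicyChange = 1", "AuditAccountManage = 0",
    "AuditProcessTracking = 0", "AuditDSAccess = 0", "AuditAccountLogon = 2",
    "[Version]", 'signature="$CHICAGO$"', "Revision=1",
]).encode("utf-16")
```

In the sample, object access is audited for success and failure, yet `silent_categories(SAMPLE)` still lists "Audit logon events", so a wrong-password logon attempt would leave no entry.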
