Solved

Event Viewer for Security not logging

Posted on 2006-10-24
9
680 Views
Last Modified: 2013-12-04
On my Windows XP Laptop, in the properties of Event Viewer > Security, I have all the event types checked and yet nothing is logged except one event from February. I even attempted to logon using the wrong password, but no events are logged.

Can someone tell me how I get it to log properly again?
0
Comment
Question by:Ryman1
  • 5
  • 4
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17798364
Details from "Eagle6990"

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on Audit Object Access.
Close Group Policy.

Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.

Now you can check your security logs to see the auditing logs from this point foward.
0
 

Author Comment

by:Ryman1
ID: 17801374
Okay, this is progress. However, I added and removed my computer from a Domain and it it left Domain Polcies in place. When I do what you say, it says:

"The group policy settings that apply to this machine could not be determined."

How can I reset all of these policies to the windows XP default?
0
 
LVL 38

Expert Comment

by:younghv
ID: 17801927
Ryman1,
A couple of comments. When you asked about "my Windows XP Laptop", there was not mention of a Domain.
If you're on a Domain, then the audit policies should be configured by your Domain Administrator.

The 'Default' policies are 'Not Configured'.

Go back in to Gpedit.msc and change all the settings to 'Not Configured'.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:Ryman1
ID: 17871209
younghv,

As I mentioned, I'm not on a domain. I mistakenly added it, but immediately removed it from the domain, but the security policies from the domain are still in place - even though I don't get prompted to logon the domain.

I guess what I'm asking is, how do I return all of my policies back to the default. For example, I can no longer see an HTML email unless I explicitly accept it - otherwise, it comes in plain text.

Thanks in advance!
0
 
LVL 38

Expert Comment

by:younghv
ID: 17871315
Ryman1,
The most direct way for you to do that is to go into gpedit.msc (Start - Run - gpedit.msc) return.
Go down through all of the folders and either change the settings to 'Not Configured' - or configure them as you want them.

Post back if you have questions - I'm often crystal clear to myself and clear as mud to others.


Vic
0
 

Author Comment

by:Ryman1
ID: 17871369
When I try to select a folder, it says:

"The Group Policy security settings that apply to this machine could not be determined."

It's a fairly new laptop.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 17871422
Don't think I've seen that before.
When I go to:
Local Computer Policy
 Computer Configuration
 Windows Settings
  Security Settings
    Local Policies
     Audit Policy      

I have 9 different Audit settings I can configure.

What do you get?
0
 

Author Comment

by:Ryman1
ID: 18470667
Well, I just finished a re-installation - I needed it for a variety of reasons.

Anyhow, I am now trying the step you mentioned in your first post. I  completed the first part, but need some additional info on part 2. Specifically, where is this shared folder?

Thanks again!

<you said>
Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.
<end you said - not sure how to format your posts - help?>
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 18475789
That post was for a specific 'Shared Folder' on a Server (I believe) where someone wanted to monitor who was accessing it.

If you have done this:

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on (ANY FUNCTION/ACTION YOU WANT TO AUDIT).
Close Group Policy.

Your audits should be in place.

Go ahead and try it, then look in your Security log for all the activity that your account has generated.

Vic
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question