• Status: Solved

Event Viewer for Security not logging

On my Windows XP Laptop, in the properties of Event Viewer > Security, I have all the event types checked and yet nothing is logged except one event from February. I even attempted to logon using the wrong password, but no events are logged.

Can someone tell me how I get it to log properly again?
Asked by: Ryman1
 
younghv Commented:
Details from "Eagle6990"

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on Audit Object Access.
Close Group Policy.

Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.

Now you can check your security logs to see the auditing logs from this point forward.

Ryman1 (Author) Commented:
Okay, this is progress. However, I added and removed my computer from a Domain and it left Domain Policies in place. When I do what you say, it says:

"The group policy settings that apply to this machine could not be determined."

How can I reset all of these policies to the windows XP default?

younghv Commented:
Ryman1,
A couple of comments. When you asked about "my Windows XP Laptop", there was no mention of a Domain.
If you're on a Domain, then the audit policies should be configured by your Domain Administrator.

The 'Default' policies are 'Not Configured'.

Go back in to Gpedit.msc and change all the settings to 'Not Configured'.
 
Ryman1 (Author) Commented:
younghv,

As I mentioned, I'm not on a domain. I mistakenly added it, but immediately removed it from the domain, but the security policies from the domain are still in place - even though I don't get prompted to logon the domain.

I guess what I'm asking is, how do I return all of my policies back to the default. For example, I can no longer see an HTML email unless I explicitly accept it - otherwise, it comes in plain text.

Thanks in advance!

younghv Commented:
Ryman1,
The most direct way for you to do that is to go into gpedit.msc (Start - Run - gpedit.msc) return.
Go down through all of the folders and either change the settings to 'Not Configured' - or configure them as you want them.

Post back if you have questions - I'm often crystal clear to myself and clear as mud to others.


Vic

Ryman1 (Author) Commented:
When I try to select a folder, it says:

"The Group Policy security settings that apply to this machine could not be determined."

It's a fairly new laptop.

younghv Commented:
Don't think I've seen that before.
When I go to:
Local Computer Policy
 Computer Configuration
  Windows Settings
   Security Settings
    Local Policies
     Audit Policy

I have 9 different Audit settings I can configure.

What do you get?

Ryman1 (Author) Commented:
Well, I just finished a re-installation - I needed it for a variety of reasons.

Anyhow, I am now trying the step you mentioned in your first post. I  completed the first part, but need some additional info on part 2. Specifically, where is this shared folder?

Thanks again!

<you said>
Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.
<end you said - not sure how to format your posts - help?>

younghv Commented:
That post was for a specific 'Shared Folder' on a Server (I believe) where someone wanted to monitor who was accessing it.

If you have done this:

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on (ANY FUNCTION/ACTION YOU WANT TO AUDIT).
Close Group Policy.

Your audits should be in place.

Go ahead and try it, then look in your Security log for all the activity that your account has generated.

Vic
Question has a verified solution.
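
To confirm what the Audit Policy steps in this thread actually left in effect, the effective settings can be read from a security policy export instead of the gpedit.msc dialog. The following is an added example, not part of the original posts: it assumes the export was produced with `secedit /export /cfg <file> /areas SECURITYPOLICY`, parses the `[Event Audit]` section (nine settings; 0 = no auditing, 1 = success, 2 = failure, 3 = both), and lists the logon categories that lack Failure auditing, which is what a wrong-password attempt needs in order to be recorded. The sample text and the helper names are constructed for illustration.

```python
import re

# [Event Audit] keys in a secedit export, mapped to their gpedit.msc names.
AUDIT_KEYS = {
    "AuditSystemEvents": "Audit system events",
    "AuditLogonEvents": "Audit logon events",
    "AuditObjectAccess": "Audit object access",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditPolicyChange": "Audit policy change",
    "AuditAccountManage": "Audit account management",
    "AuditProcessTracking": "Audit process tracking",
    "AuditDSAccess": "Audit directory service access",
    "AuditAccountLogon": "Audit account logon events",
}
SUCCESS, FAILURE = 1, 2  # bit flags: 0 = no auditing, 3 = success and failure

# Constructed sample export (real files are UTF-16; open with encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditObjectAccess = 3
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
"""

def parse_event_audit(inf_text):
    """Return {key: int} for every known key in the [Event Audit] section."""
    settings, section = {}, None
    for line in (raw.strip() for raw in inf_text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "event audit" and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if key in AUDIT_KEYS and value.isdigit():
                settings[key] = int(value)
    return settings

def lacking(settings, flag, keys=AUDIT_KEYS):
    """Keys whose value lacks `flag`; a key absent from the export counts as 0."""
    return [k for k in keys if not settings.get(k, 0) & flag]

if __name__ == "__main__":
    audit = parse_event_audit(SAMPLE_INF)
    for key in lacking(audit, FAILURE, ["AuditLogonEvents", "AuditAccountLogon"]):
        print(f"{AUDIT_KEYS[key]}: failed attempts are not being audited")
```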
