Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Event Viewer for Security not logging

Posted on 2006-10-24
9
681 Views
Last Modified: 2013-12-04
On my Windows XP Laptop, in the properties of Event Viewer > Security, I have all the event types checked and yet nothing is logged except one event from February. I even attempted to logon using the wrong password, but no events are logged.

Can someone tell me how I get it to log properly again?
0
Comment
Question by:Ryman1
  • 5
  • 4
9 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17798364
Details from "Eagle6990"

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on Audit Object Access.
Close Group Policy.

Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.

Now you can check your security logs to see the auditing logs from this point foward.
0
 

Author Comment

by:Ryman1
ID: 17801374
Okay, this is progress. However, I added and removed my computer from a Domain and it it left Domain Polcies in place. When I do what you say, it says:

"The group policy settings that apply to this machine could not be determined."

How can I reset all of these policies to the windows XP default?
0
 
LVL 38

Expert Comment

by:younghv
ID: 17801927
Ryman1,
A couple of comments. When you asked about "my Windows XP Laptop", there was not mention of a Domain.
If you're on a Domain, then the audit policies should be configured by your Domain Administrator.

The 'Default' policies are 'Not Configured'.

Go back in to Gpedit.msc and change all the settings to 'Not Configured'.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:Ryman1
ID: 17871209
younghv,

As I mentioned, I'm not on a domain. I mistakenly added it, but immediately removed it from the domain, but the security policies from the domain are still in place - even though I don't get prompted to logon the domain.

I guess what I'm asking is, how do I return all of my policies back to the default. For example, I can no longer see an HTML email unless I explicitly accept it - otherwise, it comes in plain text.

Thanks in advance!
0
 
LVL 38

Expert Comment

by:younghv
ID: 17871315
Ryman1,
The most direct way for you to do that is to go into gpedit.msc (Start - Run - gpedit.msc) return.
Go down through all of the folders and either change the settings to 'Not Configured' - or configure them as you want them.

Post back if you have questions - I'm often crystal clear to myself and clear as mud to others.


Vic
0
 

Author Comment

by:Ryman1
ID: 17871369
When I try to select a folder, it says:

"The Group Policy security settings that apply to this machine could not be determined."

It's a fairly new laptop.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 17871422
Don't think I've seen that before.
When I go to:
Local Computer Policy
 Computer Configuration
 Windows Settings
  Security Settings
    Local Policies
     Audit Policy      

I have 9 different Audit settings I can configure.

What do you get?
0
 

Author Comment

by:Ryman1
ID: 18470667
Well, I just finished a re-installation - I needed it for a variety of reasons.

Anyhow, I am now trying the step you mentioned in your first post. I  completed the first part, but need some additional info on part 2. Specifically, where is this shared folder?

Thanks again!

<you said>
Now Right click on the shared folder>Properties>Security Tab>Advanced>Auditing Tab>Add>Type in "Everyone" and press OK>select what you would like to audit such as Read, Write, Delete.  Press OK when finished.
Check the box for "Replace auditing entries on all child objects..." if you want to reset all files in subfolders.
Press OK.
<end you said - not sure how to format your posts - help?>
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 250 total points
ID: 18475789
That post was for a specific 'Shared Folder' on a Server (I believe) where someone wanted to monitor who was accessing it.

If you have done this:

Start>Run>Gpedit.msc
Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
Enable Success and Failure auditing on (ANY FUNCTION/ACTION YOU WANT TO AUDIT).
Close Group Policy.

Your audits should be in place.

Go ahead and try it, then look in your Security log for all the activity that your account has generated.

Vic
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question