WHat does windows event log track?

Posted on 2008-02-09
Medium Priority
Last Modified: 2013-12-04
I'd like to track system activity for help desk support.  I would be interested to see if a user is downloading files from the internet, installing/uninstalling programs or turning off/adjusting security settings.  Does Windows event log track this data?  If so, how long is it kept, does it track by user id if there are more than 1 users per machine and what versions of Windows OS have it?

Question by:vsllc
LVL 66

Accepted Solution

johnb6767 earned 1000 total points
ID: 20860033
Windows & Active Directory Auditing

You can read about what you can audit here.....

Some of the things you mentioned though, arent possible with simple auditing, you would need some sort of web content software, or a proxy, to track what people do online.....
LVL 13

Assisted Solution

martin_babarik earned 1000 total points
ID: 20860876
Your question deserves longer explanation.
For some of the things you need to track you will need 3rd party applications, like proxy server (to control web traffic).
Most of the things can be audited on either domain or local computer level. Most of the auditing settings you will find when you type Start -> Run -> gpedit.msc
Expand Computer configuration / Windows settings / Security settings / Local policies / Audit policy.
Be careful what you enable/disable....you don't need to know literally everything. It depends on what kind of computer it is...domain controller should have definnetly more detailed auditing than some unimportant workstation.
Also be careful about managing the log files. If you audit TOO MUCH, your events might be unwantedly rewriten.

Expert Comment

ID: 21185877
Forced accept.

EE Admin

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Suggested Courses
Course of the Month3 days, 17 hours left to enroll

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question