2.4. Implementing Auditing

After you set up security on a Windows system by setting permissions on the folders and files, configuring user rights, and placing users in the appropriate groups, make sure that the security of the OS is effective. To monitor what is happening on the system, you enable auditing, which notifies you when certain things happen on the system. For example, you might want to be notified if someone fails to log on to the system using a correct username and password; this could be someone trying to guess the password of the account.

To effectively work with the auditing feature in Windows, there are two steps:

  1. Enable auditing.

    You must first enable auditing. Simply choose what events you wish to audit. The nice thing about auditing in Windows is that you choose which events you care to know about.

  2. Review the audit log.

    After you enable auditing, ensure that you monitor the log regularly for any security-related issues. For example, if you notice a failure to log on over and over for the same account, that is an indication that an account is being hacked.
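The review step above, sketched in PowerShell as an added example that is not from the book: it flags accounts whose failed logons cluster inside a short time window. The function names, the threshold and window values, and the sample accounts are assumptions made for illustration; event ID 4625 is the failed-logon event on Windows Vista and later (Windows XP records logon failures under older IDs such as 529).

```powershell
# Added example, not from the book.
# Reads failed-logon events (ID 4625, Vista and later) from the Security log.
# Requires an elevated prompt and failure auditing for logon events to be enabled.
function Get-FailedLogonRecord {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            TimeCreated    = $_.TimeCreated
            TargetUserName = ($data | Where-Object Name -eq 'TargetUserName').'#text'
        }
    }
}

# Reports each account with at least $Threshold failures inside any
# $WindowMinutes span. Both defaults are assumed values, not recommendations.
function Get-RepeatedLogonFailure {
    param(
        [Parameter(Mandatory)] [object[]] $Failure,  # needs TimeCreated, TargetUserName
        [int] $Threshold = 3,
        [int] $WindowMinutes = 5
    )
    foreach ($group in ($Failure | Group-Object TargetUserName)) {
        $times = @($group.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        $start = 0
        $worst = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # Slide the start forward until the window spans at most $WindowMinutes.
            while (($times[$end] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
            $worst = [Math]::Max($worst, $end - $start + 1)
        }
        if ($worst -ge $Threshold) {
            [pscustomobject]@{ Account = $group.Name; MaxFailuresInWindow = $worst; TotalFailures = $times.Count }
        }
    }
}

# Constructed sample records (not real log data) so the logic can be tried offline.
$t0 = [datetime]'2024-01-15 09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t0;                 TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(20);  TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(45);  TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(2);   TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddHours(6);     TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(10);  TargetUserName = 'adavis' }
    [pscustomobject]@{ TimeCreated = $t0.AddHours(4);     TargetUserName = 'adavis' }
)
Get-RepeatedLogonFailure -Failure $sample
```

On a live system, replace `$sample` with the output of `Get-FailedLogonRecord`. The isolated failures for the second sample account stay below the threshold, which is the difference between an occasional mistyped password and the repeated pattern worth investigating.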

The following sections offer more details about these two steps.

2.4.1. Enabling auditing

To enable auditing in Windows, modify the Local Security Policy:

  1. Choose Start > Control Panel.

  2. In the Control Panel, choose Performance and Maintenance (XP) or System and Maintenance (Vista) and then Administrative Tools, located ...
