Your first line of defense should be to implement a security solution that includes up-to-date antivirus software, antimalware software, and a correctly configured firewall. You should also configure Windows XP to use the most restrictive security settings. Even with all of this protection in place, things can slip through the cracks, so it's equally important for your computer to have a good audit policy in place. An audit policy makes a log of the events that have occurred on your computer.
If damage has occurred to your system, you can review these settings to try to figure out what went wrong. Even if your system hasn't experienced a security breach, you can use the audit log to find out what sorts of attacks are being attempted against your PC. To enable audit logging on a Windows XP system, you will have to log in as a user with local administrative privileges. When you do, you will see the screen shown in Figure A. When you double-click on any of the audit policy elements, you'll see a screen similar to the one shown in Figure B that allows you to audit successes, failures, or both.
The first audit policy element is Account Logon Events. If you were to do a success audit, a log entry would be created every time someone successfully logged in to the machine. A failure audit would be generated any time that someone attempted to log in to the machine, but was not able to successfully authenticate.
There are also a few other audit options available within the console at Security Settings Local Policies Security Options. These additional audit policies work a little bit differently from the other audit policy elements I mentioned above. These settings are either enabled or disabled. There is no success or failure option associated with them.
The reason these objects behave differently is because they are global in scope. For example, you can audit the access of global system objects, as well as the use of backup and restore privileges. You can also set an option to shut down the system if it is unable to log auditing information, although I don't recommend using this option. This Blog Includes show. Setup Used for Practicing Metasploit Basics:.
Was this post helpful? Yes No Share this Oldest Newest Most Voted. Inline Feedbacks. Jack Lamb. Naman Rastogi namanrastogi. If the behavior is see say for example, the Favorites location value is overwritten by a software , it's time to inspect the Event Log Security log which contains the Security audit information.
Proceed to Phase III. On the Auditing tab, click Add. Cancel Submit. In reply to A. User's post on July 22, The link doesn't seem to work anymore. How satisfied are you with this reply? Thanks for your feedback, it helps us improve the site. Another download link but it's not an.
0コメント