1. Home
  2. Windows Tips
  3. Windows 7 what is account auditing and how to enable it

Windows 7: What is Account Auditing And How To Enable It

The Account auditing feature is related to the security of your system. This feature is kept disabled by default, we will discuss the following two points in this post:

  • What Is Account Auditing
  • How To Enable Account Auditing In Windows 7

What Is Account Auditing

Whenever you are connected to the Internet, you are at risk. Anyone can try to access your system and if  enhanced security is not implemented, then the hacker can steal your confidential data. Account Auditing lets you see who may be trying to break into your account. Whenever someone tries to access your system, an event is generated depending upon whether the access attempt is successful or not. If you have enabled the Account Auditing settings then such type of events are logged in the system and you can view these log files any time to see  if someone is accessing your system or not.

How To Enable Account Auditing Settings

Click Start and type secpol.msc, then hit Enter, the Local Security Policy window will be displayed, now navigate to Local Policy > Audit Policy and right click the Audit account logon events policy option and choose Properties.

Local Security Policy Audit

Now check both the Success and Failure check boxes (By checking both, windows will save the logs of  both successful as well as failed attempts, if you wish to save logs of only failed attempts then only check the Failure option).

Audit Attempts

Now follow the above procedure for Audit Logon events option too.

Audit Logon Events

Right click the Audit logon events option, then choose Properties and check both Success and Failure for this as well. Once done with the settings, click OK.

Now you can see the logs of the login attempts from the Event Viewer, click Start, type Event Viewer and hit Enter. In the Event Viewer window, navigate to the Windows Logs > Security option to see the logs for both the successful and failed logon attempts.

Event Viewer Logs

6 Comments

  1. I have applied “Success, Failure” and press OK on all Security Setting of the following:
    -Audit account logon events
    -Audit account management
    -Audit directory service access
    -Audit logon events
    -Audit object access
    -Audit policy change
    -Audit privilege use
    -Audit process tracking
    -Audit system events
    I have seen that all of these Audit Policies have set to “Success, Failure”.
    However, they all return to “No auditing” after closing the window of Audit Policy.

    Question: Is this normal? How could I retain the “Success, Failure” Security Setting on all Audit Policies.

    Thank you very much

  2. it is very usefull for faculties who teaching computer hardware course, thans for your wondefull effort and may God bless you.