Windows 7: What is Account Auditing And How To Enable It
The Account auditing feature is related to the security of your system. This feature is kept disabled by default, we will discuss the following two points in this post:
- What Is Account Auditing
- How To Enable Account Auditing In Windows 7
What Is Account Auditing
Whenever you are connected to the Internet, you are at risk. Anyone can try to access your system and if enhanced security is not implemented, then the hacker can steal your confidential data. Account Auditing lets you see who may be trying to break into your account. Whenever someone tries to access your system, an event is generated depending upon whether the access attempt is successful or not. If you have enabled the Account Auditing settings then such type of events are logged in the system and you can view these log files any time to see if someone is accessing your system or not.
How To Enable Account Auditing Settings
Click Start and type secpol.msc, then hit Enter, the Local Security Policy window will be displayed, now navigate to Local Policy > Audit Policy and right click the Audit account logon events policy option and choose Properties.
Now check both the Success and Failure check boxes (By checking both, windows will save the logs of both successful as well as failed attempts, if you wish to save logs of only failed attempts then only check the Failure option).
Now follow the above procedure for Audit Logon events option too.
Right click the Audit logon events option, then choose Properties and check both Success and Failure for this as well. Once done with the settings, click OK.
Now you can see the logs of the login attempts from the Event Viewer, click Start, type Event Viewer and hit Enter. In the Event Viewer window, navigate to the Windows Logs > Security option to see the logs for both the successful and failed logon attempts.
I have applied “Success, Failure” and press OK on all Security Setting of the following:
-Audit account logon events
-Audit account management
-Audit directory service access
-Audit logon events
-Audit object access
-Audit policy change
-Audit privilege use
-Audit process tracking
-Audit system events
I have seen that all of these Audit Policies have set to “Success, Failure”.
However, they all return to “No auditing” after closing the window of Audit Policy.
Question: Is this normal? How could I retain the “Success, Failure” Security Setting on all Audit Policies.
Thank you very much
it is very usefull for faculties who teaching computer hardware course, thans for your wondefull effort and may God bless you.
I hope that’s not you – Your spelling and grammar are terrible!
English is not everyone’s first language.
Well spotted, but the comment is written in English, so…
how can you be so sure? perhaps part English, part their native language. ever heard of Spanglish? it works with other languages, too…