• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 10. Understanding Your PC Operat... > The Windows NT Audit Policy

The Windows NT Audit Policy

The other item to keep in mind regarding passwords is to periodically review the NT audit logs for suspicious activity. The logs might help identify attempts or even unusual activity on your machine. Of course, to actually view login data, logging must be turned on. By default, logging is not turned on in Windows NT. By using User Manager's Policies option, you can set the audit policy for the machine. Figure 10.19 shows some suggested audit settings you can use to track what is happening on and to your computer. At a bare minimum, account logons and logoffs should be audited. Even when logging is enabled, NT won't warn you about suspicious behavior. You have to check the logs on a periodic basis. A common mistake is to audit too many things. If the log grows too large, you'll be less likely to pay close attention to it. That usually means potential security breaches might go unnoticed. Consider auditing only login failures and file access failures if you have security set up on directories and files. These are good indicators that trouble is brewing. If someone attempts to log in with a bad password or access a restricted file, this will be considered a failure and be written to the log. If you get in the habit of analyzing your security log at least every morning, if not more, you'll be better armed.

Figure 10.19. Suggested NT audit settings.



PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint