Thursday, October 25, 2007

UnlockThis! Monitor attempts to access and change settings in Windows Vista

Have you ever wondered whether someone tried to use or access your computer while you were away? Windows Vista can audit what happens on your computer so you can review it and keep the system more secure.

1. Open Local Security Policy by clicking the Start button, typing "Local secu" or "secpol.msc" into the Search box, and opening the result. If you are prompted by UAC for confirmation, click "Continue".

2. Click Local Policies -> Audit Policy.

3. Double-click the Policy that you want to monitor/audit.


Audit account logon events: To see when someone has logged on or off your computer (both locally and over the network).

Account management: To see when someone has changed settings on any account, such as changing an account name, a password, or a user group, enabling or disabling an account, or creating or deleting an account.

Directory service access: To see when somebody accesses an Active Directory object that has its own system access control list (SACL).

Object access: To see when someone has used a file, folder, printer, or other object.

Policy change: To see attempts to change any settings in local security policies.

Privilege use: To see when someone exercises a user right.

Process tracking: To see when events such as program activation or a process exiting occur.

System events: To see when somebody has turned off or restarted the computer, or when a program tries to do something that it doesn't have permission to do, for example spyware trying to change a setting on your computer without your permission.

Source: Microsoft.com

4. Choose whether to audit Success attempts, Failure attempts, or both, and then click the Apply button.


5. Monitor these events using the Event Viewer.

Open the Start menu, type "Event Viewer", open it, and click "Continue" to confirm.

In Event Viewer, go to Windows Logs -> Security.
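The same procedure from the command line, as an added example that is not part of the original post. It assumes an elevated PowerShell 2.0 or later prompt (needed for Get-WinEvent), uses auditpol.exe in place of the secpol.msc dialog, and looks only at logon events 4624 and 4625 from the last 24 hours.

```powershell
# Added example. Run from an elevated PowerShell prompt: changing audit
# policy and reading the Security log both need administrator rights.

# Steps 2-4: audit Success and Failure for logon activity.
auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
auditpol /set /category:"Account Logon" /success:enable /failure:enable
auditpol /get /category:"Logon/Logoff"    # confirm the setting took effect

# Step 5: read logon events from the last 24 hours of the Security log.
# 4624 = successful logon, 4625 = failed logon.
$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddDays(-1) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Logon types a person at the keyboard or on the network produces:
# 2 = interactive, 3 = network, 7 = unlock, 10 = remote desktop.
# Service and batch logons are left out to keep the output readable.
$humanTypes = '2', '3', '7', '10'

$rows = foreach ($e in $events) {
    # Named fields live in the event XML under EventData/Data.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($humanTypes -notcontains $data['LogonType']) { continue }

    $result = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Result    = $result
        Account   = $data['TargetUserName']
        LogonType = $data['LogonType']
        Source    = $data['IpAddress']
    }
}

# Failed attempts per account, most-targeted first.
$rows | Where-Object { $_.Result -eq 'Failure' } |
    Group-Object Account | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The 20 most recent logons and attempts, newest first.
$rows | Sort-Object Time -Descending | Select-Object -First 20 |
    Format-Table Time, Result, Account, LogonType, Source -AutoSize
```

auditpol writes the per-subcategory audit policy, so confirm the change with `auditpol /get` rather than in the secpol.msc dialog.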
