Viewing The Security Log

By Author: Mike Jones
Total Articles: 256
Comment this article

The security log contains information about mcitp boot camp events that are monitored by an audit pol?icy, such as failed and successful logon attempts. Review the security log frequently. Set a schedule and regularly review the security log because configuring auditing alone does not alert you to security breaches.
To view the security log, complete the following steps:
1.Click Start, point to Administrative Tools, and then click Event Viewer.In the console tree, select Security. In the details pane, the Event Viewer console
displays a list of log entries and summary information for each item, as shown in Figure 13-12.
Successful events appear with a key icon and unsuccessful events appear with a lock icon. Other important information includes the date and time that the event occurred, the category of the event, and the user who generated the event. The category indicates the event category, such as Object Access, Account Management, Directory Service Access, or Logon Events.
3.To view the properties for any event, double-click the event. The properties for ...
... a logon/logoff event are shown in Figure 13-13.
Exercise 1: Viewing and Filtering the Security Log
In this exercise, you view the security log for your computer. Then, you filter the log to display only specific events.
To view and filter the security log
1.Use the procedure provided earlier in this lesson to view the security log. As you scroll through the log, double-click a couple of events to view a description.
2.Use the procedure provided earlier in this lesson to windows 7 enterprise desktop support technician filter all event types to display those with the Event ID of 576.
3.Use the procedure provided earlier in this lesson to remove the security log filter.
Exercise 2: Configuring the Security Log
In this exercise, you configure the Event Viewer console to overwrite events when the security log gets full.
To configure the security log
Use the procedure provided earlier in this lesson to configure the security log size. Change the maximum log size to 2048 KB and overwrite older events with new events as necessary.
System Root Security Template (Rootsec.inf)
The system root security template specifies the new root permissions introduced with Windows XI3. By default, Rootsec.inf defines these permissions for the root of the sys?tem drive. This template can be used to reapply the root directory permissions if they are inadvertently changed, or the template can be modified to apply the same root permissions to other volumes. The template does not overwrite explicit permissions defined on
comptia exams child objects; it propagates only the permissions inherited by child objects.