Windows Help Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Friday, 6 January 2012

Turn On Auditing To Monitor Account Attacks

Posted on 18:41 by Unknown
There is no doubt that all of the new security features in the modern versions of Windows will help keep your computer more secure.  However, these features become less valuable when they are not turned on by default.  One feature, known as user account auditing, is not turned on by default. With this feature is turned off, anyone with physical access or remote access to through a hole in your firewall (such an opening for Remote Desktop) can use a brute force attack against your user account for as long as they want without getting noticed at all.   How? The default audit security policy is configured to not log any account logon events, successful or failed.

This allows an attacker to try to hack your accounts for as long as it takes to break in.  There are a few ways to protect against this that I am going to go over in my next article about the Account Lockout policy.  But first, it is important to turn on this account auditing so that you can see who may be trying to break into your accounts.  After you have adjusted the auditing security policy, you will be able to see any account attacks including the account that they tried to logon with and where the request came from.

Let's get started and turn on audition for failed logon events:

    1. Click on the Start Button and key in secpol.msc in the box and hit Enter.
    2. Navigate through Local Policies and Audit Policy.
    3. Right click on Audit account logon events policy and select Properties.
    4. Check the Failure box and hit OK.
    5. Right click on Audit logon events policy and select Properties.
    6. Check the Failure box and hit OK. Your screen should now look like the figure below:



    7. Close Local Security Policy editor.

Your computer has now been configured to log all failed user account logon attempts.

Once you have turned on account auditing, you can view the logs in Event Viewer (run eventvwr.msc) under Windows Logs and Security.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Security Tweaks, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Window Management Keyboard Tricks
    Windows 7 includes many new way to manage your windows such as window snapping and cool tricks like Aero Shake . One secret that few users k...
  • Quick Aero Glass Speed Tip
    The transparent glass effect in Windows 7 looks very nice but on some computers that have underpowered video adapters users will see a perfo...
  • New Taskbar Keyboard Tricks
    Opening up another copy of an application that is already open with the new taskbar can be tricky. Normally when you click on a taskbar item...
  • Change Remote Desktop RDP Port
    Port 3389 is the home of the remote desktop protocol that powers Remote Desktop Services on all modern versions of Windows.  If your system ...
  • Create An Account Lockout Policy
    In my last article I showed you how you can protect your computer against anonymous user account attacks by turning on account logon auditi...
  • Enable iOS AirPrint Support On Windows
    In the latest version of iOS Apple included a new feature called AirPrint. Designed to bring native printing support to the iOS platform it ...
  • How To Mount A VHD File In Windows 7
    VHD (Virtual HardDrive) file support has been deeply integrated throughout Windows 7. Users can make a system backup to VHD file and also bo...
  • Start Explorer In Drive View
    Many users like to start explorer in drive view to directly access their data instead of the document folders. This tweak will show you how ...
  • How To Install Windows 7 And 8 Using A USB Flash Drive
    Physical DVD drives are becoming a thing of the past as the size of our PCs continue shrink and new form factors are emerging. Microsoft dis...
  • How To Fix Windows Installer Crashes
    Microsoft recently updated the Customer Experience Improvement Program Client that is included on all Windows 7 betas. Some of the new setti...

Categories

  • Downloads
  • How-To
  • Internet and Network Tweaks
  • News
  • Performance Tweaks
  • Security Tweaks
  • Software Tweaks
  • Tips
  • Usability Tips
  • User Interface Tweaks
  • Utility Downloads
  • Windows 7
  • Windows 8
  • Windows Home Server
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Vista
  • Windows XP

Blog Archive

  • ▼  2012 (70)
    • ▼  January (70)
      • Quick Aero Glass Speed Tip
      • Improve Sync Performance In iTunes For Windows
      • Improve SATA Hard Disk Performance (Convert From I...
      • Improve Responsiveness By Disabling Min/Max Animat...
      • Improve Old Application Disk Performance
      • How To: Detect What Process Is Thrashing Your Hard...
      • Fix Broken And Slow Tab Issues In Internet Explorer 8
      • Boost Your Performance With ReadyBoost
      • Analyze Energy Efficiency
      • Windows 7 Beta MP3 Corruption Fix
      • Window Management Keyboard Tricks
      • Where Did All My Free Space Go?
      • What Is svchost.exe?
      • Virtualization On Windows
      • Unlock Hidden Windows 7 Themes
      • Start Explorer In Drive View
      • Spell Check Add-on For Internet Explorer 9
      • Share Your Screen With SharedView
      • Search The Office 2010 Ribbon With Search Commands
      • Search The Office 2007 Ribbon With Search Commands
      • Restore Start Menu Internet Search
      • Recover Deleted Photos, Pictures And Other Files
      • Remove Personal Information From Office Documents
      • Publish Native XP Apps On XP Mode (Use IE6 On Wind...
      • Projector Tricks In Windows 7
      • Pin Recycle Bin On The Taskbar
      • Optimize Solid State Drives In Windows 7
      • Open Command Prompt From Any Folder
      • New Taskbar Keyboard Tricks
      • Move The Temporary Internet Files Folder
      • Manage Windows Features From Command Line With DISM
      • Kill Processes From Command Prompt
      • Install Group Policy And AD Tools On Windows 7
      • Install Any Edition Of Windows 7 From Any Windows ...
      • Install And Use XP Mode In Windows 7
      • How To Remove Internet Explorer From Windows 7
      • How To Properly Disable IPv6
      • How To Mount A VHD File In Windows 7
      • How To Install Telnet With Only One Command
      • How To Fix Windows Installer Crashes
      • How To Burn CD And DVD Images (ISO Files) From The...
      • Hide Background Windows With Aero Shake
      • Hidden Send To Menu In Windows 7
      • Fix Aero Glass In Windows 7
      • Enable Vista Glass On Compatible Hardware
      • Fine Tune Windows 7 On Netbooks
      • How To Install Windows 7 And 8 Using A USB Flash D...
      • Fine Tune ClearType Font Smoothing
      • Extend Activation Period To 120 Days
      • Encrypt Removable USB Flash Drives With BitLocker
      • Enable RAW Image Support In Windows Explorer And P...
      • Enable Legacy Windows Help File Support (.hlp file)
      • Enable iOS AirPrint Support On Windows
      • Enable Aero Glass In Windows Virtual PC
      • Disable iPhone AutoPlay Pop-up
      • Create A System Repair/Recovery Disc
      • Create A Flip3D Taskbar Icon In Windows 7
      • Convert Physical Machines To Virtual With Disk2vhd
      • Configure Remote Media Streaming In Windows 7
      • Configure IP Address And DNS From Command Line
      • Close All Open Applications With One Click
      • Clean And Optimize Your New Computer
      • Change Windows Product Key After Install
      • Change Remote Desktop RDP Port
      • Create An Account Lockout Policy
      • Turn On Auditing To Monitor Account Attacks
      • Calibrate Your Display
      • Bypass Open With Lookup Web Service
      • Batch File Rename With Windows PowerShell
      • Automatic Location Based Default Printer Switching
Powered by Blogger.

About Me

Unknown
View my complete profile