Auditing And Logs
Most operating systems include a logging and auditing facility. To set the security auditing policies in Windows, navigate to Windows: Administrative Tools> Local Security Policy> Local Policies> Audit Policy. You will see that Windows can record successful and failed attempts to log on, access resources, and other potentially sensitive operations. You can enable auditing for a specific resource by opening its properties sheet to the Security tab, selecting Advanced, and then the Auditing tab. To review the security log, navigate to Windows: Administrative Tools> Event Viewer. You will see the security log, as well as logs that contain application error and system error reports. Review the settings and logs on your computer. In a 2- to 3-page report, address the following:
- Your main findings, especially situations you want to investigate
- Auditing settings you would like to modify
- Additional information you find helpful in the logs
- Suggestions to improve the audit and logging user interface
Research the Windows Management Interface (WMI). How could WMI help you with some of the changes you have proposed?