arash,
This is from Microsoft. I have copied and pasted it for you below:
Windows Auditing Issue
Auditing is a vital step in detecting system intrusions or malicious
activity on your systems and network. The Windows Event Viewer does not log
event entries in the security log unless you enable auditing on the system.
Solution
Enable auditing on each Microsoft® Windows® operating system on your
network. After you enable auditing, you can choose which events to monitor,
such as successful or failed logon attempts. In addition, certain files and
directories can be audited on NTFS file systems for modifications or
deletions. View the links under the Additional Resources section below for
more information on configuring audit policies.
Instructions
To enable auditing on a computer running Windows Server "Longhorn", Windows
Server 2003, Windows Vista, Windows XP, or Windows 2000
Open the Control Panel.
In Control Panel, double-click Administrative Tools, and then click Local
Security Policy.
In Local Security Settings, double-click Local Policies, double-click Audit
Policy, and then click the events that you want to audit. We recommend that
you audit the following events:
Audit account logon events (Success, Failure)
Audit account management (Success, Failure)
Audit directory service access (Failure)
Audit logon events (Success, Failure)
Audit object access (Failure)
Audit policy change (Success, Failure)
Audit system events (Success, Failure)
To view the event logs, click Start, point to Programs, point to
Administrative Tools, and then click Event Viewer.
Additional Resources
Chapter 3 - Audit Policy (Threats and Countermeasures Guide)
Chapter 9 - Auditing and Intrusion Detection (Securing Windows 2000 Server)
Windows Server 2003: Auditing Security Events Best Practices
©2002-2007 Microsoft Corporation. All rights reserved.
I hope this helps you.
C.B.
--
It is the responsibility and duty of everyone to help the underprivileged
and unfortunate among us.
"arash" <arash@discussions.microsoft.com> wrote in message
news:245E8906-2A8D-4B98-8527-3365732D4289@microsoft.com...
> C.B.,
>
> Thank for your help. I look for the Local Security Policy in the Control
> Panel, but I couldn't find it! I use Windows Vista Home Premium, is that
> why
> it's not there?! Is there any other way to do same thing in another place?
>
> Thanks again for your consideration,
>
> Arash
>
>
> "C.B." wrote:
>
>>
>>
>> "arash" <arash@discussions.microsoft.com> wrote in message
>> news:8EBD5698-A56B-461D-9F08-251F30FA05F6@microsoft.com...
>> > My Windows Vista Event Viewer used to log all logon and logoff events,
>> > and
>> > I
>> > could audit all user account activities. But recently it just logs the
>> > logon
>> > event for user accounts and doesn't show any logoff event. I know how
>> > to
>> > turn
>> > on and off the auditing feature in Windows XP. But I can't find same
>> > thing
>> > in
>> > Windows Vista. I will appreciate if someone helps me.
>> >
>>
>> arash,
>>
>>
>> Open the Control Panel. In Control Panel select Administrative
>> Tools.
>> Select Local Security Policy and then expand Local Policies in the left
>> pane. Select Audit Policy and read the results in the right pane at which
>> time you can select what you desire.
>> You can also select Security Options, under Local Policies in the
>> left
>> pane and check out the results in the right pane.
>>
>> C.B.
>>
>>
>> --
>> It is the responsibility and duty of everyone to help the underprivileged
>> and unfortunate among us.
>>
Linear Mode
