Q. How can I restrict guest access to Event logs?
Q. How can I enable auditing of base objects?
A. To enable auditing of base objects perform the following:
- Start the registry editor (regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- From the Edit menu select New - DWORD value. Enter a name of
AuditBaseObjects. click OK
- Double click the new value and set to 1
You can also turn on full privilege auditing (but this will fill your event
log):
- Start the registry editor (regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- From the Edit menu select New - DWORD value. Enter a name of
FullPrivilegeAuditing. click OK
- Double click the new value and set to 1
This FAQ is copyright © 1999 John Savill (SavillTech
Ltd). No part of this document should be reproduced, distributed or altered
without my written permission. Contact
Information.