It seems that the service that audits security for my computer has become
disabled. When I look at the event viewer, under the security tab, it only
shows one entry. The entry shows a success audit from a couple of months ago
and that is all. My other computer has entries under the security tab for
scores of various security related events. I have tried to discern what
setting is different between the two machines but there are too many
variances between the two. (this one has XP pro and only a single user
account in use, the other is XP Home and has multiple user accounts).

That being said, I have a few questions.
1) Is this service necessary or particularly useful?
2) Is the service running but not keeping a log?
3) What is the name of the service and how do I start it?
4) Conversley,If not necessary, how can I disable the service or stop the
logging on the other machine?

TIA
--
Mark N.

On Fri, 6 May 2005 17:51:27 -0700, "M8RIX" > wrote:

>It seems that the service that audits security for my computer has become
>disabled. When I look at the event viewer, under the security tab, it only
>shows one entry. The entry shows a success audit from a couple of months ago
>and that is all. My other computer has entries under the security tab for
>scores of various security related events. I have tried to discern what
>setting is different between the two machines but there are too many
>variances between the two. (this one has XP pro and only a single user
>account in use, the other is XP Home and has multiple user accounts).
>
>That being said, I have a few questions.
>1) Is this service necessary or particularly useful?
>2) Is the service running but not keeping a log?
>3) What is the name of the service and how do I start it?
>4) Conversley,If not necessary, how can I disable the service or stop the
>logging on the other machine?
>
>TIA
Perhaps it's the policy.
enter gpedit.msc from the RUN box.
Drill down to comp config/windows settings/secirity settings/
account policy.

I think this is the area where the security logging is enabled.
Dave

"M8RIX" > wrote in message
...
> It seems that the service that audits security for my computer
> has become disabled. When I look at the event viewer, under the
> security tab, it only shows one entry. The entry shows a
> success audit from a couple of months ago and that is all. My
> other computer has entries under the security tab for scores of
> various security related events. I have tried to discern what
> setting is different between the two machines but there are too
> many variances between the two. (this one has XP pro and only a
> single user account in use, the other is XP Home and has
> multiple user accounts).
>
> That being said, I have a few questions.
> 1) Is this service necessary or particularly useful?
> 2) Is the service running but not keeping a log?
> 3) What is the name of the service and how do I start it?
> 4) Conversley,If not necessary, how can I disable the service
> or stop the logging on the other machine?
>
> TIA
> --
> Mark N.

In XP Pro, events are written to the Security log based upon what
items have been selected for auditing through the local security
policy. Auditing has to be enabled before you will see entries in
that log.
To enable auditing you would do the following:
Go to Control Panel -> Adminstrative Tools -> Local Security
Policy.
Navigate to Security Settings\Local Policies\Audit Policy.
There you'll see the types of events you can audit.

Here is an article that describes the process:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdd_sec_xutj.asp


So to answer you're question, unless you need to keep track of
who's logging on to your computer and accessing files and
folders, you probably don't need to enable auditing.

As for your other computer, auditing of account logon events is
enabled by default in XP Home. It will only audit account logon
events. It cannot be turned off.

Nepatsfan