Results 1 to 6 of 6

Thread: How can I log user actions through XP?

  1. #1
    Member
    Join Date
    Apr 2003
    Posts
    54

    How can I log user actions through XP?

    I am running win XP pro and I need to know how to log such things as user log on log off times applications run and a few other things. I wanted to know if XP incorporated something like this somewhere, since as of yet I cant find anything. I am not looking to use third party applications which might screw up, but might if it looks promising enough. Thanx in advance guys!
    101010 = The answer to liff the universe and everything...

  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Hi,

    I don't know what your intensions are but for knowing the logon and logoff times from users you can use the event viewer provided with winXP pro , you can even find out which programs are started at what time (but this is not that detailed and not for all applications).
    This is offcours only when you have this feature turned on... to turn it on you have to go to control panel -- Administrative tools -- local security policy -- Local policies -- Audit Policy and in the right column turn everything on of that what you wanna monitor.

    If you need more detailed info you have to go and search for third party software ...I'm not gonna provide links here because there is some software out there that can be used for malicious practice but a good search through Google will bring you a long way.
    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    **Moved from Antionline: How do I? to Microsoft Security**
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Auditing User Access of Files, Folders, and Printers
    The audit log appears in the Security log in Event Viewer. To enable this feature:
    Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.
    Double-click Local Security Policy.
    In the left pane, double-click Local Policies to expand it.
    In the left pane, click Audit Policy to display the individual policy settings in the right pane.
    Double-click Audit object access.
    To audit successful access of specified files, folders and printers, select the Success check box.
    To audit unsuccessful access to these objects, select the Failure check box.
    To enable auditing of both, select both check boxes.
    Click OK.
    Source http://support.microsoft.com/?kbid=310399

    Also when I started doing this on my computer I didn't give it a large enough file size so once the logs got full it wouldn't let anybody log on. To fix this right click on my computer then select manage. Then system tools, event viewer you can then right click on the logs and specify log size.

    [EDIT] Thats weird, It didn't show me your post cemetric when I first loaded the page[/EDIT]
    =

  5. #5
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Thats weird, It didn't show me your post cemetric when I first loaded the page
    Sorry for the late answer there cheyenne1212 .. I'm still trying to find my way on the site and I'm being carefull of not doing anything wrong .

    Also to enlighten the situation about not seeing my post ... this could be due to it being posted during working hours at my job ... I'm trying not to do this to much because I've noticed some problems with that .

    Hope this helps. and again sorry for the late answer .

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  6. #6
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    Also when I started doing this on my computer I didn't give it a large enough file size so once the logs got full it wouldn't let anybody log on. To fix this right click on my computer then select manage. Then system tools, event viewer you can then right click on the logs and specify log size.
    by cheyenne1212
    This is an easy problem to fix. In event viewer, right click Security and choose properties. On the general tab, select an option for log size (recommended: Clear log manually). At the run prompt type 'regedit' to open registry editor. Change or create the dword value named CrashOnAuditFail in HKLM\System\CurrentControlSet\Control\Lsa. Set it equeal to 0 or delete if it is present. Restart your computer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •