Microsoft KB Archive/157662

{|
 * width="100%"|

Empty Security Log in Event Viewer

 * }

Q157662

-

The information in this article applies to:


 * Microsoft Windows NT Advanced Server, version 3.1
 * Microsoft Windows NT Workstation versions 3.1, 3.5, 3.51, 4.0
 * Microsoft Windows NT Server versions 3.1, 3.5, 3.51, 4.0

-

SUMMARY
In a default installation of Windows NT, security event logging in the Windows NT Event Viewer is disabled.

To enable security event logging, use User Manager, or User Manager for Domains, and select Audit from the Policies menu.

MORE INFORMATION
Events sent to the security log are also referred to as audit messages. Auditing is controlled from the source of the audit messages. For example, if auditing is required for user access, this can be controlled through User Manager; if auditing is required for file access, this can be controlled through Windows Explorer or File Manager.

If security auditing is left on, the security event log may fill up. To prevent the log from filling up, it may be advisable to change the log properties to overwrite events as needed. This change is done in the Windows NT Event Viewer, Security Event log under the Log, Event Log Settings menu.

For more information on security auditing, please refer to your Windows NT documentation.

Additional query words: prodnt audit 3.1 3.5 3.51 4.0

Keywords : kbnetwork

Issue type : kbhowto

Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351xsearch kbWinNT350xsearch kbWinNT400xsearch kbWinNTW350 kbWinNTW350xsearch kbWinNTW351xsearch kbWinNTW351 kbWinNTW310 kbWinNTSsearch kbWinNTS400xsearch kbWinNTS400 kbWinNTS351 kbWinNTS350 kbWinNTS310 kbWinNTAdvSerSearch kbWinNTAdvServ310 kbWinNTS351xsearch kbWinNTS350xsearch kbWinNTS310xsearch kbWinNT310xSearch kbWinNTW310Search