My organization has many roaming users who connect to the corporate network by using a dial-up connection and Windows NT 4.0 RAS. Does NT 4.0 RAS provide a way to set advanced RAS logging options? Are RAS events logged with the advanced logging option logged in the NT 4.0 Event Viewer Security log? Also, I don't want to enable advanced logging all the time; I need a way to turn advanced logging on and off. Can I do this?
Yes, you can set NT 4.0 RAS to generate advanced logging entries in the Event Viewer Security log. To do so, set the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ RemoteAccess\Parameters\EnableAudit (of type REG_D WORD) to value 1. Enabling advanced RAS logging will generate log entries for several RAS-related events including successful connections, disconnections and callbacks, disconnects because of idle lines, authentication time-outs, and other line errors.
Every time you want to turn advanced RAS logging on or off, you'll need to change the above subkey. Also, you'll have to stop and restart the Remote Access Server service for the change to take effect. A last warning: For advanced RAS logging to work properly, you must make sure that the Audit These Events option is selected in the Audit Policy of your NT domain. The Audit Policy dialog box is available through the NT 4.0 User Manager for Domains Policies menu.