How to Enable Auditing with the Security Configuration Editor

Security Configuration Editor (SCE) in Windows NT 5.0 performs three basic functions. First, SCE lets you create security templates. Second, SCE lets you apply a template's security settings to machines. Finally, SCE performs security checks on machines by comparing a machine's existing settings with those in the template, detailing those areas in which the settings differ.

To enable auditing, you need to create a new security policy template, apply it to the machine, and reboot. Here's how to accomplish these tasks with NT 5.0 post-beta 1 (i.e., the 1773 build).

  1. In the Microsoft Management Console (MMC), open Computer Management and expand System Tools in the scope pane to display SCE.
  2. In the scope pane, expand these items in succession: SCE, Configuration/Inspection Templates, and X:\WINNT\Security\Templates, where X is the path drive letter of the drive on which you installed NT 5.0. Two existing SCE policy templates will appear: sample and sampledc.
  3. Right-click sample, and select Save As. In the File name text box, give the new template a name, such as audit-on. The system will append an .inf extension to the file.
  4. Right-click X:\WINNT\Security\Templates, and select Refresh. The scope pane will display the new template.
  5. In the scope pane, expand these items in succession: audit-on (or whatever you named the new template), Local Policies, and Audit Policy. The audit attributes will be visible in the display pane.
  6. Double-click Audit Object Access in the display pane to open a dialog box to modify the existing settings.
  7. Select Audit successful attempts and Audit failed attempts. Click OK. The resulting screen will look similar to Screen 1.
  8. Right-click the new template name in the scope pane, and click Save.
  9. Right-click the new template name in the scope pane, and select Configure. Click OK in the dialog box that pops up.
  10. Reboot the server.

After you have created this new security template, you can modify it to meet your needs. You can then use the Configure command to apply it to the system. (For more information about SCE, see Mark Joseph Edwards, "Service Pack 4's New Security Configuration Editor," page 117.)

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.