System Audit

From: michael (
Date: 07/09/02

From: "michael" <>
Date: Tue, 9 Jul 2002 13:05:47 -0700

which platform? nt4, win2k?

for nt4:

- open usrmgr against the machine(s) in question.
- fromt he pull down menu, select policies --> audit
- check the "audit these events" box
- check the success and failures options for "restart,
shutdown, and system"

these events will now be logged in the event log.

for win2k:

- open the "local security policy" mmc
- choose computer configuration --> windows setttings -->
local policies --> audit policy
- enable success and failures for "audit system events"

>-----Original Message-----
>I was curious if anyone knows if you can audit a specific
>event. I just want to audit system shutdown and who might
>be doing that. I know it's probably a easy question I'm
>more of a developer but the admin left the company and
>just doing so basic stuff until a new one is hired.