WindowsXP application logging and security

From: Boris (boris@ccsgs.com)
Date: 01/10/03


From: "Boris" <boris@ccsgs.com>
Date: Fri, 10 Jan 2003 05:29:55 -0800

You can enable Audit Policy using the Group Policy snap-in, in the
Machine Policy/Local Policy node.
Audit Object Access is the setting that you are looking
for. Events are logged into the Security log. If you set it to
audit both successes and failures, make sure to increase the
size of the security log.
>-----Original Message-----
>Hello All.
>
>I was wondering if the following are possible. Does XP have the
>ability to log execution of programs at, preferably, kernel level? Can
>this be supported by a third party module, if yes, are any such
>modules available?
>
>Our aim is simply to have a very detailed log of what is going on, in
>the system, for analysis and tracking of suspicious activity. For
>example, if the user tries to execute a program, e.g. named
>"myprogram.exe", then this should be logged in a defined user file for
>later analysis.
>
>Is it possible to log unsuccessful user attempts at accessing data
>where he has not been assigned permissions?
>
>Just how configurable are the permissions of WindowsXP? Is it possible
>for example to have a list of permitted executable files, and deny
>anything else that is copied to the system? E.g. The execution of
>programs for a floppy or any kind of other removable data should not
>be allowed without prior configuration.
>
>If the above are not supported at the operating system level, and
>third party programs are available, please state which ones are
>suitable for the job.
>
>Regards.