Keep track of who uses your shared computer locally, and when

If you share a computer with other users and you’re the primary user, you might want to keep track of who else is using your computer and when. You do so by auditing logon and logoff, which records these events in the Security log. You can then review the Security event log to see who used the computer and when.

Audit logon and logoff

Unlike with object access, all you need to do to make Windows 2000 start auditing logon and logoff events is to enable the appropriate audit policy:

  1. Open the Local Security Policy console from the Administrative Tools folder.

  2. Open the Local Policies\Audit Policy branch.

  3. Double-click Audit account logon events, select Success and Failure, and click OK.

  4. Close the Local Security Policy console.
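
Once the policy is enabled, the audit entries it produces can be summarized per account. The following Python script is an added example, not code from the book: it reads Security log rows saved as comma-separated text and reports when each account authenticated and how many attempts failed. The column order, the sample rows and the simplified description wording are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (not real log data). Assumed column order:
# date, time, type, category, event ID, description.
SAMPLE = """\
3/4/2001,8:02:11 AM,Success Audit,Account Logon,680,Account Name: pat Workstation: HOMEPC
3/4/2001,7:40:03 PM,Failure Audit,Account Logon,681,The logon to account: kim from workstation: HOMEPC failed.
3/4/2001,7:40:20 PM,Success Audit,Account Logon,680,Account Name: kim Workstation: HOMEPC
3/5/2001,1:15:47 AM,Success Audit,Account Logon,680,Account Name: Kim Workstation: HOMEPC
3/5/2001,9:00:00 AM,Success Audit,Logon/Logoff,528,Successful Logon: User Name: pat
"""

# The account is read from the description text, not from a separate column.
ACCOUNT = re.compile(r"(?:Account Name|logon to account):\s*(\S+)", re.IGNORECASE)

def summarize(text):
    """Return {account: {"success": [datetime], "failure": [datetime]}}."""
    usage = defaultdict(lambda: {"success": [], "failure": []})
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6 or row[3] != "Account Logon":
            continue  # skip malformed rows and other audit categories
        date, time, audit_type, _category, _event_id, description = row
        match = ACCOUNT.search(description)
        if match is None:
            continue
        when = datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M:%S %p")
        outcome = "success" if audit_type == "Success Audit" else "failure"
        usage[match.group(1).lower()][outcome].append(when)
    return dict(usage)

def report(usage):
    """One line per account: first and last successful use, failed attempts."""
    lines = []
    for account in sorted(usage):
        ok = sorted(usage[account]["success"])
        span = f"{ok[0]:%Y-%m-%d %H:%M} to {ok[-1]:%Y-%m-%d %H:%M}" if ok else "never"
        lines.append(f"{account}: {len(ok)} successful ({span}), "
                     f"{len(usage[account]['failure'])} failed")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```

Rows in other categories, such as the Logon/Logoff row in the sample, are skipped because the steps above enable only the account logon policy.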

Tip

The audit policy Logon Events tracks non-local authentication such as network use of a resource or a remote service logging on using the System account. You might want to enable this audit policy as well to track remote access to your computer.
