Solution
Using a Graphical User Interface
1. Open the EventCombMT Utility. Be sure that your domain name is listed in the Domain text box.
2. Right-click in the Select to Search/Right-click to Add text box, and select Add Single Server.
3. Type the name of your server in the Server Name text box and select Add Server, or click Browse to select the server from My Network Places. Click Close when you've selected the name of the server.
4. In the Choose Log Files to Search section, place a check mark next to Security.
5. In the Event Types section, place a check mark next to the following event types:
   • Error
   • Informational
   • Warning
   • Success Audit
   • Failure Audit
   • Success
6. Enter the following event IDs in the From and To text boxes:
   • 848
   • 861
7. Click on Search to begin querying for event log entries that match these criteria.

By default, the results will be stored in a comma-separated values (CSV) file called <ComputerName>-Security_LOG.txt.
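Once the search has produced its CSV output, the rows can be tallied per event ID and event type to see which events in the 848 to 861 range occurred and which were failures. The Python script below is an added example, not part of the original text or of EventCombMT. The column order (event ID first, event type second), the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Event ID range entered in step 6 of the procedure.
ID_FROM, ID_TO = 848, 861

# Constructed sample rows. The column order (event ID, type, source, time,
# user, description) is an assumption about the exported file.
SAMPLE = """\
848,AUDIT SUCCESS,Security,Mon Mar 06 09:00:01 2006,NT AUTHORITY\\SYSTEM,constructed description
861,AUDIT FAILURE,Security,Mon Mar 06 09:04:17 2006,EXAMPLE\\svc-app,"constructed, with a comma"
528,AUDIT SUCCESS,Security,Mon Mar 06 09:05:00 2006,EXAMPLE\\alice,constructed description
852,AUDIT SUCCESS,Security,Mon Mar 06 09:10:42 2006,EXAMPLE\\admin1,constructed description
861,AUDIT FAILURE,Security,Mon Mar 06 09:11:03 2006,EXAMPLE\\svc-app,constructed description
not-a-number,garbage line
"""

def summarize(text, id_col=0, type_col=1, lo=ID_FROM, hi=ID_TO):
    """Count rows per (event_id, event_type) for IDs in [lo, hi].

    Returns (counts, skipped); skipped is the number of unparseable rows.
    """
    counts, skipped = Counter(), 0
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        try:
            event_id = int(row[id_col].strip())
            event_type = row[type_col].strip().upper()
        except (ValueError, IndexError):
            skipped += 1  # header, truncated or corrupted line
            continue
        if lo <= event_id <= hi:
            counts[(event_id, event_type)] += 1
    return counts, skipped

def failures(counts):
    """Event IDs seen with a failure type, most frequent first."""
    hits = Counter()
    for (event_id, event_type), n in counts.items():
        if "FAILURE" in event_type:
            hits[event_id] += n
    return [event_id for event_id, _ in hits.most_common()]

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (event_id, event_type), n in sorted(counts.items()):
        print(f"{event_id}\t{event_type}\t{n}")
    print(f"skipped rows: {skipped}; failure IDs: {failures(counts)}")
```

To run it against a real export, pass the file's contents to `summarize()` and adjust `id_col` and `type_col` if the columns are ordered differently.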
Using Group Policy
Tables 3-30 and 3-31 contain the Group Policy settings that enable the Windows Event Viewer
to track events related to the Windows Firewall. As with other Windows auditing events, auditing
Success events means that the Event Viewer will create an entry if someone attempts to perform
a particular action and is able to do so. Auditing Failure events will create an Event Viewer
entry if someone attempts an action and is unsuccessful.
Table 3-30. Audit Process Tracking Settings
Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Policy name: Audit Process Tracking
Value: Success, Failure