Viewing the Security Log

  1. Open Shared Folders. Click Start, select Programs, select Administrative Tools, click Computer Management.


  2. In the console tree, click Event Viewer. Double-click Security and in the details pane, examine the list of audit events.


  3. Scroll through the details pane to view the various fields. The event fields are described below.

    Event field - Description

    Type - The event logs record five types of events:

      Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.

      Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.

      Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.

      Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.

      Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.

    Date - The date the event took place.

    Time - The time the event took place.

    Source - The process that raised the event.

    Category - The specific class the event is categorized under.

    Event ID - A unique numerical identifier for the event.

    User - The user that generated the event.

    Computer - The computer on which the event was generated.

  4. Event details provide more information about events than the Events view. This additional information includes the event's source, a description of the event, and details about what is affected by the event. To view additional details for an event, select the event, right-click and select Properties. An event Properties window will appear.

  5. The Description field of the event Properties window provides a longer explanation for the event, including what resources are affected and other technical information.

  6. Appendix B of the Windows 2000 Security Configuration Guide provides additional descriptions of Windows 2000 security events that can be used in defining the information presented in the event logs.
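
The same event fields can be pulled from the Security log at a command prompt for review. The following is an added example, not part of the original guide: it assumes Windows PowerShell 5.1 (which provides Get-EventLog) running in an elevated session, and Get-SecurityAuditSummary is a hypothetical helper name.

```powershell
# Added example: list Failure Audit or Success Audit events from the
# Security log using the same fields the Event Viewer details pane shows.
# Assumes Windows PowerShell 5.1, run as an administrator.
function Get-SecurityAuditSummary {
    param(
        [int]$Hours = 24,
        [ValidateSet('FailureAudit', 'SuccessAudit')]
        [string]$Type = 'FailureAudit',
        [switch]$Detail
    )

    $since = (Get-Date).AddHours(-$Hours)

    # Get-EventLog raises an error when nothing matches; treat that as empty.
    $entries = @(Get-EventLog -LogName Security -EntryType $Type `
        -After $since -ErrorAction SilentlyContinue)

    # Map each log entry onto the Event Viewer field names.
    $rows = $entries | Select-Object `
        @{ n = 'Type';        e = { $_.EntryType } },
        @{ n = 'Date';        e = { $_.TimeGenerated.ToString('yyyy-MM-dd') } },
        @{ n = 'Time';        e = { $_.TimeGenerated.ToString('HH:mm:ss') } },
        @{ n = 'Source';      e = { $_.Source } },
        @{ n = 'Category';    e = { $_.Category } },
        @{ n = 'EventID';     e = { $_.EventID } },
        @{ n = 'User';        e = { $_.UserName } },
        @{ n = 'Computer';    e = { $_.MachineName } },
        # First line of the Description field from the Properties window.
        @{ n = 'Description'; e = { ("$($_.Message)" -split "`r?`n")[0] } }

    if ($Detail) { return $rows }

    # Default view: which event IDs and users account for the most audits.
    $rows |
        Group-Object -Property EventID, User |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name
}

# Failure Audit counts for the last 24 hours, grouped by Event ID and user.
Get-SecurityAuditSummary

# Every Success Audit from the last 2 hours, one row per event.
Get-SecurityAuditSummary -Hours 2 -Type SuccessAudit -Detail | Format-Table -AutoSize
```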