General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  33


                 Figure 1.9 Auditing Conditions Enabled and Defined




































                         Following successful initialization of auditing, you must test the set-
                      tings to make sure the system is performing the auditing tasks that have
                      been set up. For this exercise, log off your machine, then attempt to
                      logon using credentials that you know do not exist or using an incorrect
                      password. Then, log back on correctly and return to the exercise.
                      Proceed to Event Viewer in the Administrative Tools folder by traversing
                      Start | Programs | Administrative Tools | Event Viewer. Double-click on
                      Security; you should see a screen similar to the one shown in Figure
                      1.10. Note that we have audited and recorded both success and failure
                      events, noted by the key and lock icons. Highlight a Failure Audit event,
                      as shown, and then double-click on the item.















                                                                              www.syngress.com