No XP sp3 security event log

Mini-Tower 4100 E gateway XP Pro SP3 P4 3.2 HT 2 GB RAM Avast free 7.0.1426, COMODO Firewall free 5.10.228257.2253, Windows Defender.

For a while now, when I go to the event viewer, system logs and application are met, but nothing shows up in the security logs.

I reset the security for the default logs, after having erased the old entries.  I left Application and system records alone.

Malware?  System works normally, no freezes or crashes.

Registry settings?  Settings of the administrator?

It's the only thing wrong with this system.

Procedure recommended action?

I have indicated the path in my first answer.  In gpedit.msc, the path is:

Local Computer Policy\Computer ordinateur\parametres windows\parametres securite\strategies locales\strategie

.. .and inside there's a list of things you can audit.  You can enable their success, failure, two or no checks at all.  Disable the audit, and you will not save anything in your log file.

As the proverb goes...  "Size is not serious...". »  ;-)  You can set the size of your log files regardless of what you put in.  In the Event Viewer, simply right-click on the 'System', 'Process' or 'Security' entry in the left column and select "Properties".  Then tell him what is the desired size of your log file before it starts to replace the entries.

Yes, Windows can open an .evt file.  It is that event viewer.  When event viewer is open, just click on 'Application', 'Security' or 'System' in the left column depending on what type of file .evt you want to open, and then select "open a log file.  It will then give you the option to navigate to the log (.evt) file.

I don't know what else I can tell you other than to direct you to this:
"How to audit access of the user files, folders and printers in Windows XP"
  <>http://support.Microsoft.com/kb/310399 >
There is no path that they give in step 1 on my machine.  I have the chance to:
Start-> programs-> administration-> local security policy tools.
or
Start-> Run-> "secpol.msc".

HTH,
JW

Tags: Windows

Similar Questions

  • Security event log getting the message "local computer maybe not the files of the necessary registry information or message DLL to display messages from a remote computer" for all entries. System and application logs do not receive messages

    PC is Windows XP.  The server is Windows 2000.  I have administrative rights on both machines.

    On getting PC security event log do message "local computer, maybe not the files of the necessary registry information or message DLL to display messages from a remote computer" for all entries.  System and application logs do not receive messages

    Hi carmol,.

    Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited to the audience on TechNet forum.

    Please post your question in the Sub forum. Link: http://social.technet.microsoft.com/Forums/en-us/winserverManagement/threads

    With regard to:

    Samhrutha G S - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Is it possible to create an account with all the rights of an administrator of domain, except the privilege to read and modify the security event logs.

    The account will also be restricted to change its own priveliges.

    Hi Ddcrre,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for Windows Server on TechNet. Please ask your question in the Forums in TechNet Windows Server.

  • Need help, trying to decipher my Panel event logs control for security and applications.

    Hi, I need help trying to figure out how to decipher my control panel the security event logs and logs application for account hacking.

    All the advice to learn how to see what who are normal and what is malicious?

    Occurrences of breach possible system, based on very high traffic for the opening of session and closing session and special privilege settings.

    Please notify.

    HP Pavilion DV9700 entertainment

    Windows Vista SP1 Home Premium 32

    I'll leave this thread closed, since I work with other people on another forum on this topic.

  • The event log does not start error 31: a device attached to the system is not functioning

    I can't get the service to start on my winxp sp3 pc event log. I have tried everything I know:

    • Running sfc/scannow
    • Reset permissions
    • Search for malware and viruses
    • Rebuild the WMI
    • Create a new account
    Nothing seems to work, I think that this is related to an error in hardware/device, but I see no problem in Device Manager. Can someone point me in the right direction to get this resolved? I don't really want to have to format or restore my PC...
    Thank you.

    * EDIT * well it seems to have fixed myself, I used regedit and navigate to the key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

    There, I found some records, I deleted the folder "Powershell" and the "Internet Explorer" folder, and the event log service, and then began. I had uninstalled IE and Powershell but these records were still there so I thought I would like to remove to see if he has made all the difference.
    Thanks for your time!
    -Antoni

  • McAfee security center updates. The event log shows no signature of threat.

    McAfee security center updates. The event log shows no signature of threat. That it states that I am protected I never had any "alerts" from him. Anyone know if it's OK or a way to check it out. The following is in the event log

    Log name: Application
    Source: McLogEvent
    Date: 2009-08-28 17:42:15
    Event ID: 5000
    Task category: no
    Level: Information
    Keywords: Classic
    User: SYSTEM
    Computer: XPS
    Description:
    The McShield service started.
    Engine version: 5301.4018
    DAT version: 5722.0000
     
    Number of signatures in EXTRA. DAT: no
    Names of the threats that EXTRA. DAT can detect: None
    The event XML:
    http://schemas.Microsoft.com/win/2004/08/events/event">
     
       
        5000
        4
        0
        0 x 80000000000000
       
        23259
        Application
        XPS
       
     
     
        5301.4018
        5722.0000
        None
        None
     

    Thanks for the reassurance. Tech support McAfee response to any problem seems to be reinstalled, I've done a dozen times.

  • Security-SPP in the Application event log

    Hello


    Since we installed the Agent Mirage to the Windows application log is filled with entries 'Security-SPP.

    I stopped the Service of Mirage and the flooding event log stopped also.

    Any ideas why this happens? Or someone at - it same problem?

    Thanks for your help.


    Cordially Sébastien


    Hi Sebastian,.

    The client of Mirage periodically polls WMI for Windows license information.

    This WMI query triggers an event log message. Because the Mirage makes this request every X minutes, you have more of these events in the event log.

    However, this event log is a log of the information only events. Although it appears several times, it indicates no problem with your machine.

    We already have an open problem on this in our backlog for fixing this behavior, I hope that this correction will be introduced in future releases.

    Kind regards

    Tal

  • Tecra S10 - event log shows several errors

    My Tecra S10-167 has a problem since a few weeks now. In the event log, I have several errors, but especially this one:

    Provider of
    [Name] atapi
    -EventID 11
    [Qualification] 49156
    Level 2
    Task 0
    Keywords 0 x 80000000000000

    -TimeCreated
    [SystemTime] 2011-02 - 14 T 18: 20:12.558505100Z
    EventRecordID 3020
    Channel system
    Security

    -EventData
    \Device\Ide\IdePort0
    00000000000000000000000000000000000000000000000000 000004100000 0000100001000000000000000B0004C002000000850100C000

    My laptop gives me fatal errors and it restarts itself.
    Can someone help me solve this problem? Please guide me through this because I don't know much about computers.

    I have already reinstalled windows 7 with no result.

    Thank you...

    Hello

    New OS installation didn't help?

    Well, maybe something wrong with the RAM?
    Run tests of RAM using the memtest86 +.
    Maybe this tool allows to detect certain errors

    But unfortunately, the message displayed in your ad says nothing to me :(

  • Telephone call about the event log errors - they claim to be the Technical Support

    Original title: event error logs

    I get a phone call from a person claiming to be a b/c my computer Tech support has published many errors in the event log.  Is - is this legitimate?  He wants me to do stuff in the event log.

    Hello

    Yes, it's a SCAM!

    Avoid scams to phone for tech support
    http://www.Microsoft.com/security/online-privacy/avoid-phone-scams.aspx

    In the United States, you can contact the FBI, Attorney general, the police authorities and consumer
    Watch groups. Arm yourself with knowledge.

    The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation
    (FBI) and the National White Collar Crime Center (NW3C), funded in part by the Bureau of Justice Assistance
    (BJA).
    http://www.ic3.gov/complaint/default.aspx

    No, Microsoft wouldn't you not solicited. Or they would know if errors exist on your
    computer. So that's the fraud or scams to get your money or worse to steal your identity.

    Avoid scams that use the Microsoft name fraudulently - Microsoft is not unsolicited
    phone calls to help you fix your computer
    http://www.Microsoft.com/protect/fraud/phishing/msName.aspx

    Scams and hoaxes
    http://support.Microsoft.com/contactus/cu_sc_virsec_master?ws=support#tab3

    Microsoft Support Center consumer
    https://consumersecuritysupport.Microsoft.com/default.aspx?altbrand=true&SD=GN&ln=en-us&St=1&wfxredirect=1&gssnb=1

    Microsoft technical support
    http://support.Microsoft.com/contactus/?ws=support#TAB0

    Microsoft - contact technical support
    http://Windows.Microsoft.com/en-us/Windows/help/contact-support

    I hope this helps.

    Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle=""><- mark="" twain="" said="" it="">

  • How to re-enable the alert "maximum event log size is reached" Pop up

    How dose you reactivate the alert pop-up that appears when the event log is full? I used to get a popup alert informing me that the newspaper had reached its maximum. size is specified in Console of Managment computer that allows me to save and clear the log. Now, the log file fills up without notice.

    This can be solved by using a combination of the Microsoft KB articles.

    1. use the "Circumvention" of MSKB843021 (http://support.microsoft.com/kb/843021/en-us)

    2. use registry edit of MSKB243625 (http://support.microsoft.com/kb/243625/en-us

    Although these two KB articles are for different versions of Microsoft Windows Desktop operating systems

    Return WXP SP2 and W2k, I tested successfully on a computer that is running Windows XP SP3 home edition in a VMware Workstation7 environment.

  • What is the 528 event in the security event viewer in Windows XP Home Edition?

    What is the 528 event in the security event viewer in Windows XP Home Edition?

    Hello

    Are you facing problems with your computer?

    Check out the link for details about event ID: 528

    http://www.Microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+operating+system&ProdVer=5.0&EvtID=528&EvtSrc=security

    For reference:

    Procedure to view and manage event logs in Event Viewer in Windows XP

    http://support.Microsoft.com/kb/308427

  • I noticed that my remote access has been activated twice in a week but I did not. no way to verify when, what, who activated via the event log,...?

    I noticed that my remote access has been activated twice in a week but I did not. no way to verify when, what, who activated via the event log,...?

    Hi dewthisnow,

    The information office for remote access must be in the security log.

    For more information, see:

    To disable remote desktop

    To view the logs in Event Viewer, see:

    Using the event viewer        

    Procedure to view and manage event logs in Event Viewer in Windows XP

  • What is event ID # written in the event log when a user compresses its C:\ By car

    Windows XP Pro - SP3

    I want to know what entry # and details entry appears in the event log when a user compresses its C:\ By car

    There is none.  But if you compress ntldr in the process you will certainly get an unambiguous error message when you restart the computer.

    John

  • VB6 DLL is not log messages in the Windows Server 2003 event log when it is called from an ASP page

    Hi all

    I have an ASP web application, I will create a "VBModule1" (VB6 Dll) instance of an ASP page and inside this method of "VBModule1" I create an instance of another VB6 Dll 'VBLogger', who calls App.LogEvent () to write messages to the event log.

    I tested the Web application on the develepoment (XP) machine and everything worked fine but when the user runs the Web application on the Production Server (windows server 2003) events are not saved.

    Friend missing the security settings of my ASP web app that needs to be configured on Windows Server 2003 for VB6 DLLs logging events?

    Please think as soon as POSSIBLE.

    IIS on Windows server 20003 version: 6.0

    Thank you.

    Hello

    The question you have posted is related to Windows Server 2003 would be better suited to the Windows Server community.

    Please visit the link below to find a community that will support what ask you:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • You try to start a service error "Windows failed to start the VMware authorization on local computer Service. For more information, see the system event log. If it is a non-Microsoft service, contact the service provider

    Ideas:

    • You have problems with programs
    • ETrying to launch a service error "Windows failed to start the VMware authorization on local computer Service. For more information, see the system event log. If it is a Microsoft service, contact the service provider and refer to the specific service-6000004 error code "... I contacted the people at VMware they say it's a problem with Windows Vista..." IAM confused pls help... .rror messages
    • Recent changes to your computer
    • What you have already tried to solve the problem

    Remember - this is a public forum so never post private information such as numbers of mail or telephone!

    Hi sanjeevkode,

    Thank you for visiting the website of Microsoft Windows Vista Community.  As the question you posted typically associated with third party software / application that has its own way of program codes and call the corresponding system resources when installing and running. Therefore, I also suggest you to join the VMware Forums for the best support.

    VMware communities: http://communities.vmware.com/home.jspa

    In the meantime I suggest you try these options / methods

    IMPORTANT NOTE: Microsoft provides this information as a convenience to you. Proposed changes could lead to serious problems. Microsoft cannot guarantee that problems would be solved as a result of the suggestions. Changes to settings are at your own risk.

    Option 1: If you go to computer management, and then to the list of Services and find the VMware authorization Service, it appears as stopped? If so, you need to start

    Option 2: Try logging on as an administrator Local host during installation first workstation, rather than you connect with a domain ID

    Option 3: The question can be caused also by your security program such an antivirus or a firewall of Windows /Defender that can have conflicting parameters as to not not to perform certain tasks. I suggest you temporary disable antivirus and firewall and check the result again. You must enable security programs new that had disabled you

    Option 4: The problem could be linked to a local or domain group policy. Make sure that the local account is defined as 'local user __vmware_user__' in the local Administrators group and the permissions of "Log on locally" and "Log on as a service.

    The two parameters are available in the "* Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment *" branch of domain group policy or local.

    Let me know if it worked.
    Hope it will be useful.

    Thank you and best regards,
    Vijay K - Microsoft Support
    Visit our Microsoft answers feedback Forum and let us know what you think.

    [If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.]

Maybe you are looking for