This article was previously published under Q157662
This article has been archived. It is offered "as is" and will no longer be updated.
In a default installation of Windows NT, security event logging in theWindows NT Event Viewer is disabled.
To enable security event logging, use User Manager, or User Manager forDomains, and select Audit from the Policies menu.
Events sent to the security log are also referred to as audit messages.Auditing is controlled from the source of the audit messages. For example,if auditing is required for user access, this can be controlled throughUser Manager; if auditing is required for file access, this can becontrolled through Windows Explorer or File Manager.
If security auditing is left on, the security event log may fill up. Toprevent the log from filling up, it may be advisable to change the logproperties to overwrite events as needed. This change is done in theWindows NT Event Viewer, Security Event log under the Log, Event LogSettings menu.
For more information on security auditing, please refer to your Windows NTdocumentation.