Check or Attack Name: Account Management Audit

Account Management Auditing is not enabled. Account Management auditing records when new users and groups are created or changed. Since these events are highly sensitive, we recommend always auditing these events. These events appear in the Event Viewer Security Log.

Enable User and Group Management auditing.

To enable auditing, follow these steps:

1. Open the User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the account.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Select Audit these events. The audit choices are enabled.
5. From the User and Group Management field, select the Failure or Success check boxes.
6. Click OK.