Check or Attack Name: Logon Audit

Logon and Logoff auditing is not enabled. It is important to audit logon and logoff success and failure to be able to detect and track unauthorized access attempts.

Enable Logon and Logoff auditing.

To enable auditing, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the user account from the list.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Select Audit these events. The audit choices are enabled.
5. From the Logon and Logoff field, select the Failure check box or the Success check box.
6. Click OK.