Check or Attack Name: System Audit

System Event Auditing is not enabled. System events include logging shutdowns and restarts, in addition to events affecting system security. Without System Event Auditing, there would be no record of when the host was started or stopped. These events appear in the Event Viewer Security Log.

Enable Restart, Shutdown, and System auditing.

To enable auditing, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the account from the list.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Enable Restart, Shutdown, and System auditing on Success and Failure.