JosephKing 3 Posted April 29 Share Posted April 29 Windows Event Logs can be set up for Advanced Auditing. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings Start>Local Security Policy>Advanced Audit Policy Configuration. Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc. Check out software like Event Log Explorer or NirSoft FullEventLogView. Link to comment Share on other sites More sharing options...
Recommended Posts