JosephKing 1 Posted April 29 Share Posted April 29 Windows Event Logs can be set up for Advanced Auditing. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings Start>Local Security Policy>Advanced Audit Policy Configuration. Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc. Check out software like Event Log Explorer or NirSoft FullEventLogView. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.