Event IDs for Windows Server 2008 and Vista Revealed
August 5 2009 Categorized Under: Articles, Windows, Windows Server, windows vista No Commented
Introduction
Have you ever wanted to track something happening on a computer, but did not have all of the information available to track the event? Well, this article is going to give you the arsenal to track nearly every event that is logged on a Windows Server 2008 and Windows Vista computer. If you use these events in conjunction with the article that I just posted regarding centralized log computers, you can now create an ideal situation, where you are logging only the events that you will review in a centralized location! And best thing about it is that it is all free!
Setting up Security Logging
In order for you to understand how the events track specific aspects of the computer security logging feature, you need to understand how to initiate security logging. Most Windows computers (with the exception of some domain controller versions) do not start logging information to the Security Log by default. This is both a good thing and a bad thing. The bad thing about it is that nothing is being tracked without you forcing the computer to start logging security events. On the other hand, it is positive in that the log will not fill up and potentially cause an error message indicating that the log is full. This is something that Windows Server 2003 domain controllers did without any forewarning.
Read more…