Ask a new question

Windows 7 Security log - lacking

At least in Window Vista, in the Security Event log, any unauthorized attempted login show the originators IP address -- why is this field now removed from Windows 7? Is there a hack or fix to add that field back ?

Hi Ian2012,

This option still exists in Windows 7.

   Application (program) events. Events are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that isn't necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.

· Security-related events. These events are called audits and are described as successful or failed depending on the event, such as whether a user trying to log on to Windows was successful.

Applications and Services Logs vary. They include separate logs about the programs that run on your computer, as well as more detailed logs that pertain to specific Windows services.
1. Open Event Viewer by clicking the Start button, clicking Control Panel, clicking System and Security, clicking Administrative Tools, and then double-clicking Event Viewer.‌ If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
2. Click an event log in the left pane.
3.  Double-click an event to view the details of the event.

For more help on Security logs refer to the articles below:
http://windows.microsoft.com/en-US/windows7/What-information-appears-in-event-logs-Event-Viewer
http://technet.microsoft.com/en-us/library/cc722404.aspx
http://technet.microsoft.com/en-us/library/dd772623%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/dd941592%28WS.10%29.aspx

Security Audit Events for Windows 7
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3a15b562-4650-4298-9745-d9b261f35814

You can use Windows security and system logs to record and store collected security events so that you can track key system and network activities to monitor potentially harmful behaviors and to mitigate those risks. You customize system log events by configuring auditing based on categories of security events such as changes to user account and resource permissions, failed attempts for user logon, failed attempts to access resources, and attempts to modify system files. The information in this download can help you analyze the data included in event log data.

Please let us know if this assists you in resolving the issue or if further assistance is needed.
Hope it helps.



Thanks and Regards:
Shekhar S - Microsoft Support.

Visit our Microsoft Answers Feedback Forum and let us know what you think. If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.
Thanks and Regards,
Shekhar Sharma

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Ok I tried turning on "Audit: Audit the access of global system objects" from the local security policy option. Im MCSE, not a noob so I know what is the event viewer is, where it is located, and what logs it contains. I rebooted, tried logging in as "someone else" just to make an event - then after corrct login I checked event viewer - the IP address filed has still not appeared. Most of the options you posted did ot apply. the IP address field is simply missing from Security events. I run Windows 7, 64bit. This is very odd as having an IP address of an intruder is a very important piece of information. Surely it is documented somewhere or Microsoft knows how to turn this on. It could very well be named under another SECPOL option.

Thanks  - keep working the problem.

-Ian

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

This issue is still unresolved.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Fantastic how helpful Microsoft is, isn't it.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

When you looked at the event you generated in the Security Log, did you look under the 'Details' tab?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Still not resolved. The Windows 7 Security Event view is lacking. In the USER field it lists N/A for the user even when a successful login is performed. In XP is lists the user AKA "System" "UserXXX" and so on.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated April 22, 2025 Views 5,573 Applies to: