Empty Security Log in Event Viewer

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1
• Microsoft Windows NT Workstation versions 3.5, 3.51 and 4.0
• Microsoft Windows NT Server versions 3.5, 3.51 and 4.0

In a default installation of Windows NT, security event logging in the Windows NT Event Viewer is disabled.

To enable security event logging, use User Manager, or User Manager for Domains, and select Audit from the Policies menu.

Events sent to the security log are also referred to as audit messages. Auditing is controlled from the source of the audit messages. For example, if auditing is required for user access, this can be controlled through User Manager; if auditing is required for file access, this can be controlled through Windows Explorer or File Manager.

If security auditing is left on, the security event log may fill up. To prevent the log from filling up, it may be advisable to change the log properties to overwrite events as needed. This change is done in the Windows NT Event Viewer, Security Event log under the Log, Event Log Settings menu.

For more information on security auditing, please refer to your Windows NT documentation.