Auditing a Workstation

Things to log and audit on an end-user workstation:

  • Logins/Logouts
  • Using privileged commands
  • Starting apps/sessions
  • Successful export to removable media
  • Unauthorized access attempts (security logs in event viewer)
  • Attempts to access secure objects
  • Changes to rights and permissions
  • System startup and shutdown
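
One way to switch these items on for a Windows workstation (the checklist's reference to Event Viewer suggests Windows) is the built-in auditpol.exe tool. This is an added example, not part of the original notes. The mapping of checklist items to audit subcategories is an assumption made here, as are an elevated PowerShell session and English-language subcategory names.

```powershell
#Requires -RunAsAdministrator
# Added example: maps the checklist items to advanced audit policy subcategories.
# Assumption: English-language Windows (subcategory names are localized).
$plan = @(
    @{ Item = 'Logins/logouts, unauthorized access attempts'; Sub = 'Logon';                       Success = $true; Failure = $true  }
    @{ Item = 'Logins/logouts';                               Sub = 'Logoff';                      Success = $true; Failure = $false }
    @{ Item = 'Using privileged commands';                    Sub = 'Sensitive Privilege Use';     Success = $true; Failure = $true  }
    @{ Item = 'Starting apps/sessions';                       Sub = 'Process Creation';            Success = $true; Failure = $false }
    @{ Item = 'Successful export to removable media';         Sub = 'Removable Storage';           Success = $true; Failure = $false }
    @{ Item = 'Attempts to access secure objects';            Sub = 'File System';                 Success = $true; Failure = $true  }
    @{ Item = 'Changes to rights and permissions';            Sub = 'Authorization Policy Change'; Success = $true; Failure = $true  }
    @{ Item = 'System startup and shutdown';                  Sub = 'Security State Change';       Success = $true; Failure = $false }
)

foreach ($p in $plan) {
    # Only "enable" flags are passed; this script never disables auditing.
    $flags = @()
    if ($p.Success) { $flags += '/success:enable' }
    if ($p.Failure) { $flags += '/failure:enable' }

    auditpol /set "/subcategory:$($p.Sub)" @flags | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "auditpol could not set subcategory '$($p.Sub)'"
    }
}

# Read the effective policy back (CSV report) and check every checklist item.
$current = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv

$report = foreach ($p in $plan) {
    $setting = ($current | Where-Object { $_.Subcategory -eq $p.Sub }).'Inclusion Setting'

    # "Success and Failure" satisfies both requirements; "No Auditing" satisfies neither.
    $covered = (-not $p.Success -or $setting -match 'Success') -and
               (-not $p.Failure -or $setting -match 'Failure')

    [pscustomobject]@{
        Item        = $p.Item
        Subcategory = $p.Sub
        Setting     = $setting
        Covered     = $covered
    }
}

$report | Format-Table -AutoSize
```

The File System subcategory only produces events for files and folders that carry an auditing entry (SACL), so the secure objects themselves still need auditing configured on them. Settings delivered by domain Group Policy can overwrite local auditpol changes at the next policy refresh.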