Hackers often gain access to a system by setting up an automated program that bombards a server with thousands of possible password combinations. Windows NT provides an auditing utility that can help you recognize these hacking attempts by tracking events at the system and object level.
NT does not enable this auditing option by default, so you'll need to turn on this feature. To configure NT to audit events, follow these steps:
These options include:
When you select one or more of these items, NT tracks occurrences of the events and stores them in the Security Log, which you can view in the Event Viewer. (Go to Start | Programs | Administrative Tools | Event Viewer.)
For example, to watch for failed logons, select the Failure check box for Logon And Logoff, and click OK. With this configuration, periodic checks of the Event Viewer should quickly provide evidence of a high frequency of failed logon attempts that could indicate a hacker trying to break into your system.