How to Log UnAuthoried Login Attempts in Win XP
Windows XP offers the following audit policy:
Audit account logon events | Audit users logging on or logging off to another computer using an account from this computer. |
Audit account management | Audit user account and group management. |
Audit directory service access | Audit access to objects in Active Directory. In addition to enabling this audit policy, you need to configure the specific objects you want to audit as well, just like with the Audit object access policy. |
Audit logon events | Audit users logging on or logging off to this computer. |
Audit object access | Audit access to files, folders, and printers. |
Audit policy change | Audit changes to local group policy, including user rights assignment and audit policy. |
Audit privilege use | Audit the use of user rights assignments |
Audit process tracking | Audit the actions of programs. |
Audit system events | Audit shut downs or restarts of the computer and events related to the Security log. |
Find Audit logon events
Select Both success and Failure
Open Run Dialog Box Type eventvwr.msc
When you configured auditing correctly and any of these events occur, they will be written to the Security log in the Event Viewer. Successful attempts will show up with a key icon and failed events will display a lock. You can double-click on an audit log entry to display additional details such as object names and locations





