By default it is not configured, but you can force the computer to automatically shut down rather than continuing to run without the ability to log security events.

event viewer not updating-35

To see the options you have for security auditing and logging and to enable or disable them, go to Control Panel - Local Security Policy.

Once the Local Security Settings console window opens, click on Local Policies then Audit Policy.

You can click on the policy and enable it if you want to make sure the computer shuts down if it is unable to log security events for any reason.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response.

I've been messing with this for a couple of hours now and am at a loss.

We are running Windows Server 2012 R2 with a Server Core install as our primary domain controller and want to be able to log Active Directory account lockouts event into Event Viewer so we can then trigger notifications off of them.One of the simplest means of monitoring the performance and security of a Windows PC or server is also one of the most overlooked.Before you go out and spend hundreds or thousands of dollars on tools to monitor your system's performance or security, make sure you take a look at the features that are built right into Windows.In Windows XP though you won't find any entries under the Security tab unless you make the effort to first enable security auditing.The functionality is there, but Microsoft does not enable it by default.I have updated the Default Domain Controllers Policy to include Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Configuration/Logon/Logoff/Audit Account Lockout policy set to log Successes and Failures.