Auditing sign-ins in a Windows NT domain: You want to increase security by monitoring all user logon attempts across the network. Which administrative action should you take?

Introduction:
Security auditing on Windows NT domains records successful and failed logon attempts and writes them to the Security event log. Properly enabling auditing helps detect unauthorized access, brute-force attempts, or account misuse, and supports compliance reporting.

Given Data / Assumptions:

• Environment is Windows NT domain.
• Goal is to record all user logon attempts.
• Need the correct administrative tool and policy setting.

Concept / Approach:
Use User Manager for Domains to configure the domain Audit Policy. Enable “Audit logon events” for success and/or failure as required. Once enabled, domain controllers record authentication attempts in the Security log. Performance Monitor is for performance counters, Alerter is unrelated to auditing, and Server Manager is not the tool to set the domain audit policy for all logons.

Step-by-Step Solution:
1) Open User Manager for Domains on a domain controller.2) Navigate to Policies → Audit.3) Check “Audit logon events” (success and/or failure).4) Review Security logs on DCs to monitor entries and set log retention.

Verification / Alternative check:
Create a test account and attempt a logon; verify an event ID appears under the Security log indicating a success or failure, confirming auditing works.

Why Other Options Are Wrong:

• Performance Monitor: Tracks counters, not security events.
• Alerter service: Sends administrative alerts, not audit logs.
• Server Manager workstation-only auditing: Misstates scope; domain policy is the correct approach.
• DHCP accounting: Not a user logon audit mechanism.

Common Pitfalls:
Forgetting to size Security log files and to forward/centralize logs for retention and analysis.

Final Answer:
Use User Manager for Domains to enable auditing of logon events