Executive Summary:

Give an account read access to the Security event log by composing the appropriate Security Descriptor Definition Language value in the log's registry subkey.
You can restrict user logon to a specific computer by using the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in.
A Trusted Platform Module (TPM) not only stores encryption keys but also uses Platform Configuration Registers (PCRs) to validate an operating system.

Every month, Randy Franklin Smith answers your questions about Windows security. Click the links above to see individual Q&As from this month's column. Send your questions to Randy at rsmith@ultimatewindowssecurity.com.