Audit Category: Account Logon (Vista and Windows Server 2008)

This Page is locked
Modified: 2008/01/13 21:50 by Randy Franklin Smith - Uncategorized
To log these events you must either enable this entire Account Logon category using the Audit account logon events policy or you can enable any of the subcategories below using the auditpol command. Edit

Subcategories

About this category

Following is an excerpt from: The Windows Server 2003 Security Log Revealed.

Microsoft should have named this category Authentication instead of Account Logon to reduce confusion between it and the Logon/Logoff category. On DCs, these events allow you to track all attempts to log on with a domain user account, regardless of where the attempt originates. On a workstation or member server, these events document any attempts to log on by using a local account stored in that computer’s SAM.


Additional Links

A
D
V

Sick of LimitLogin? Get UserLock for real logon control

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. Terms and conditions.