RE: group policy; how to track logins

From: Patrick (Patrick_at_discussions.microsoft.com)
Date: 10/29/04 

Date: Fri, 29 Oct 2004 11:14:01 -0700

"Audit logon events" is for local logons only. Enable the "Audit Account
Logon Events" for domain accounts.

"scott" wrote:

> I'm trying to track when a user logs in and any failed logins (wrong
> password). I set Audit logon events in the local policies section of my
> group policy but I'm not getting anything. Is this the right way to do it,
> or any suggestions are welcome

Relevant Pages

  • Windows 2003 (IIS6) security question
    ... If you enable auditing for "Audit Logon Events" or "Audit Account ... would be for a high traffic web server getting an essentail DOS attack ...
    (microsoft.public.inetserver.iis.security)
  • Re: Get list of users who logged into Domain Controller?
    ... need to enable "Audit logon events" I suggest you also enable "audit account ... Both of these should be enabled on the domain controller policy. ... > Networks" was missing from the Network Properties. ...
    (microsoft.public.win2000.security)
  • Re: Monitor file system changes
    ... There is AD auditing, and then there's file system and other resource auditing. ... Audit logon events: Security Configuration Editor; ... If both account logon and logon audit policy categories are enabled, logons that use a domain account generate a logon or logoff event on ... ...
    (microsoft.public.windows.server.active_directory)
  • Re: Log-in log-out
    ... In addition to the policy already in place also enable the "Audit logon events" policy, you should then see Events 528. ... Audit account logon events will record events 680 and 681. ...
    (microsoft.public.win2000.general)
  • Re: monitor logon time
    ... Appears Audit logon events needs to be turned on also. ... The one you mention is ones the local security system authorised. ... Click on Local Policies/Audit Policies, ...
    (microsoft.public.windowsxp.general)
Loading