RE: Disable Logon/Logoff auditing for the SYSTEM account
- From: v-innjin@xxxxxxxxxxxxxxxxxxxx ("Inn Jin [MSFT]")
- Date: Wed, 13 Dec 2006 05:28:38 GMT
Hello!
Thank you for posting.
From the description, I understand this issue is that you want to disablelogon/logoff auditing for the SYSTEM account but users'. If I am off base,
please don't hesitate to let me know.
I. Base on my knowledge, there is no such group policy that can be defined
to only audit user accounts' logon and logoff. In SBS 2003 environment, we
do have a GPO applied the Domain Controllers container named Small Business
Server Auditing Policy, which audits logon/logoff Events for Success and
Failure for all user accounts including system account. The logon audit
events policy can be enabled for all user accounts and system account, or
none. You can choose to enable failure audit only or not auditing. To do so:
1. Click Start, click Run, type "gpmc.msc" and click OK.
2. Expand Domains -> your domain -> Domain Controllers.
3. Right-click Small Business Server Auditing Policy and click Edit.
4. Expand Computer Configuration -> Windows Settings -> Security Settings
-> Local Policies -> Audit Policy.
5. In the right pane, double-click Audit logon events and select only the
failure check box or clear all, depends on you. Click OK.
6. Run "gpupdate /force".
II. An alternative choice may be helpful, if you want to check an
individual user's logon and logoff event, you can do following steps:
1). Click Start, point to Programs, point to Administrative Tools, and then
click Active Directory Users and Computers.
2). Right-click Security, and then click Properties.
3). Select Filter tab, and then click Event source drop-down menu and
choose security.
4). Click Category drop-down menu and choose logon/logoff.
5). Input the name of the user you want to check in User box and click OK.
For more reference, please refer to:
314955 HOW TO: Audit Active Directory Objects in Windows 2000
http://support.microsoft.com/?id=314955
Note: this article is applied to window 2003
I appreciate your time. I am happy to be of assistance to you and look
forward to your reply.
Have a nice day!
Best regards,
Inn Jin (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- Prev by Date: Re: Limit User Login to Single Computer
- Next by Date: Re: Help with non-standard SBS setup
- Previous by thread: RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PDA
- Next by thread: RE: Disable Logon/Logoff auditing for the SYSTEM account
- Index(es):
Relevant Pages
|
