Hi,
I understand that you are trying to audit login and logout activities of
the domain users and are note able to view any audited events in the event
log.
Please find the details on how to audit logon and logoff events for the
users.
If you want to audit domain logon event, please enable the 'audit account
logon events'. Please find more information about the audit policy.
Audit account logon events
---------------------------------------
Group policy path: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy
Description
-----------------
Determines whether to audit each instance of a user logging on or logging
off of another computer where this computer was used to validate the
account.
For domain controllers, this policy is defined in the Default Domain
Controllers Group Policy object (GPO). The default setting is No auditing.
If the auditing has to be recorded on the domain controllers, enable this
policy. The events are recorded in the security log of the event viewer in
domain controller.
If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when account logon occurs successfully.
Failure audits generate an audit entry when an attempted occurrence of the
account logon fails. You can select No auditing by defining the policy
setting and unchecking Success and Failure.
As an example, if success auditing for account logon events is enabled on a
domain controller, then an entry is logged for each user validated against
that domain controller even though the user is actually logging on to a
workstation that is joined to the domain.
If you want to audit logon events to the local workstations, please enable
the 'audit logon events' policy.
Audit logon events
--------------------------
Group policy path: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy
Description
-----------------
Determines whether to audit each instance of a user logging on, logging
off, or making a network connection to this computer.
If you are auditing successful 'Audit account logon' events on a domain
controller, then workstation logons do not generate logon audits. Only
interactive and network logons to the domain controller itself generate
logon events. In short, "account logon events" are generated where the
account lives. "Logon events" are generated where the logon occurs.
By default, this value is set to No auditing in the Default Domain
Controller Group Policy object (GPO) and in the local policies of
workstations and servers. If this policy is enabled on domain controllers,
any interactive logon to domain controller is audited.
If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when logon occurs successfully. Failure
audits generate an audit entry when an attempted occurrence of the logon
fails. You can select No auditing by defining the policy setting and
unchecking Success and Failure.
Hope this information helps you successfully audit logon and logoff events.
Thank you,
Rashmi
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Vai2000" <
[email protected]>
| Subject: Event log!
| Date: Wed, 2 Jun 2004 15:43:11 -0400
| Lines: 12
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 167.102.229.28
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.active_directory:81087
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hi All, I am unable to see any entries on the Security Event log of my AD
| Box. I recently turned audit policies and was looking to see the login and
| logout activities of the users.
| I have gone through the various policies under of the Domain Policy Snap
In
| but still no luck.
|
| Any clues?
|
| TIA
| OS: WIN2k Adv Server
|
|
|
