Audit Account Logon Events

R

Raul Lucky

Greetings,

Our office is a single domain mixed mode (2000/NT) Active Directory network
and we're trying to get successful audits of our user logon failures. The
following policy was changed at the default GPO:

computer configuration/Windows Settings/Security Settings/Local
Policies/Audit Policy/Audit account logon events: Success/Failure.

Even though we have this policy in place, our domain controllers are not
logging the logon events for either successes or failures. We have no
overiding policies in place and no other settings are set in the Audit
Policy section.

Any thoughts? thanks! Please reply to this group.

Raul
 
R

Roadhawk

I thought logon success/failure was only logged on the computer you're
logging on to?
 
R

Raul Lucky

Actually we got this to work via the Domain Controller Policy Settings.
Apparently this was overriding our Domain Group Policy. Hope this helps.

Raul
 
S

Steven L Umbach

That is correct. They probably had enabled auditing of "account logon"
events in which case failures would be recorded on the domain controller
that the domain user tried to authenticate to. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Audit Policy 4
Audit Logon Events vs. Audit Account Logon Events 1
Auditing Logon Events 2
Authentication Auditing 5
Audit Logon (success an failure) 1
audit logon 2
SecPol Audit Policy: Diff between "Audit account logon events" and "Audit logon events" ? 2
Bad PAssword Attempts not logged 1

Top