B
Brad Baker
We are trying to ensure that we have auditing enabled for all login attempts
to either domain or local machine accounts.
I believe that we have enabled auditing for domain level accounts through
GPO. We have enabled "audit account logon events" and "audit logon events"
under Local Policies -> Audit Policy. I am seeing login attempts for domain
accounts on our domain controller's security logs but I am not seeing login
attempts for local accounts either in the domain controller's security logs
or on the local machine security logs.
How do we enable logging of authentication attempts against local (not
domain) accounts? Is this another GPO setting? Are we looking in the wrong
place? Alternatively, is there a setting at the local machine level that
needs to be set? Any information or assistance would be appreciated.
Thanks,
Brad Baker
to either domain or local machine accounts.
I believe that we have enabled auditing for domain level accounts through
GPO. We have enabled "audit account logon events" and "audit logon events"
under Local Policies -> Audit Policy. I am seeing login attempts for domain
accounts on our domain controller's security logs but I am not seeing login
attempts for local accounts either in the domain controller's security logs
or on the local machine security logs.
How do we enable logging of authentication attempts against local (not
domain) accounts? Is this another GPO setting? Are we looking in the wrong
place? Alternatively, is there a setting at the local machine level that
needs to be set? Any information or assistance would be appreciated.
Thanks,
Brad Baker