On the Domain Controller Security Policy, enable Audit account logon events
& Audit logon events. I do Success & Failure on both. If you do both you
need to be sure to increase the size of your event logs because you will get
a lot of successful logon entries.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.