Windows 2003 (IIS6) security question

From: ML.net (mattlunzer_at_hotmail.com)
Date: 12/12/03 

Date: Thu, 11 Dec 2003 20:25:37 -0600

If you enable (success) auditing for "Audit Logon Events" or "Audit Account
Logon Events" will it log I_User account logon's? Obviously, my concern
would be for a high traffic web server getting an essentail DOS attack
against itself due to a high volume amount of logging in the security logs.

The descriptions on MS site don't say specifically either way...

TIA,

ML

Relevant Pages

  • RE: group policy; how to track logins
    ... "Audit logon events" is for local logons only. ... Enable the "Audit Account ...
    (microsoft.public.win2000.active_directory)
  • Re: Get list of users who logged into Domain Controller?
    ... need to enable "Audit logon events" I suggest you also enable "audit account ... Both of these should be enabled on the domain controller policy. ... > Networks" was missing from the Network Properties. ...
    (microsoft.public.win2000.security)
  • Re: Monitor file system changes
    ... There is AD auditing, and then there's file system and other resource auditing. ... Audit logon events: Security Configuration Editor; ... If both account logon and logon audit policy categories are enabled, logons that use a domain account generate a logon or logoff event on ... ...
    (microsoft.public.windows.server.active_directory)
  • Re: Log-in log-out
    ... In addition to the policy already in place also enable the "Audit logon events" policy, you should then see Events 528. ... Audit account logon events will record events 680 and 681. ...
    (microsoft.public.win2000.general)
  • Re: monitor logon time
    ... Appears Audit logon events needs to be turned on also. ... The one you mention is ones the local security system authorised. ... Click on Local Policies/Audit Policies, ...
    (microsoft.public.windowsxp.general)