Re: Logon/Logoff Auditing
From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 07/23/02
From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com> Date: Mon, 22 Jul 2002 18:15:37 -0700
Logon/Logoff events occur on the machine where the access occurred, e.g. the
workstation in the case of a local interactive logon. Account Logon events
occur on the machine which validated the credentials, e.g. a domain
controller in the case of domain credentials being used. In the case of an
interactive access using a local account both events would occur on the same
machine.
Audit policy on domain controllers is controlled by the Domain Controllers
Security Policy, not the Domain Security Policy.
Eric
--
Eric Fitzgerald
Program Manager, Windows Auditing and Intrusion Detection
Microsoft Corporation

"TM" <toddm@rahul.net> wrote in message news:eSP83e1LCHA.1120@tkmsftngp10...
> I want to log users logging into their computers. Under domain security
> policies, I've enabled Audit Account Logon Events and Audit Logon Events for
> Success and Failure. I assume it would show up in the security log on the
> domain controller, but nothing. What am I missing?
>
> What is the difference between Audit Account Logon Events and Audit Logon
> Events?
>
> Is it possible to audit logoff events so I can see how long users are
> connected?
>
> Thanks!
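An added example, not part of the original post: because Logon/Logoff events are recorded on the machine where the access occurred, session length has to be computed from each machine's own Security log by pairing logon and logoff records on the logon ID, while Account Logon events on the domain controller only show that credentials were validated. The event IDs (Windows Vista/Server 2008 and later numbering), host names, users and records below are constructed assumptions.

```python
from datetime import datetime

# Event IDs are an assumption (Vista/Server 2008+ numbering); the post names none.
LOGON, LOGOFF, USER_LOGOFF = 4624, 4634, 4647   # Logon/Logoff category
KERBEROS_TGT, NTLM_VALIDATE = 4768, 4776        # Account Logon category

# Constructed sample records merged from three Security logs:
# (time, computer that logged the event, event id, user, logon id)
EVENTS = [
    ("2024-01-15 08:01:10", "DC01",  4768, "alice", None),
    ("2024-01-15 08:01:11", "WKS07", 4624, "alice", "0x3e5a1"),
    ("2024-01-15 09:15:00", "WKS09", 4624, "bob",   "0x3e5a1"),  # same id, other host
    ("2024-01-15 12:30:45", "WKS07", 4634, "alice", "0x3e5a1"),
    ("2024-01-15 17:02:00", "WKS09", 4647, "bob",   "0x3e5a1"),
    ("2024-01-15 17:02:01", "WKS09", 4634, "bob",   "0x3e5a1"),  # duplicate logoff
    ("2024-01-15 18:00:00", "WKS07", 4624, "carol", "0x51c20"),  # still logged on
]

def session_durations(events):
    """Pair each logon with its logoff on the same computer.

    Logon IDs are only unique per machine, so the key is (computer, logon id).
    Returns (closed sessions, still-open sessions, hosts that validated credentials).
    """
    open_sessions, closed, validators = {}, [], set()
    for ts, host, event_id, user, logon_id in sorted(events, key=lambda e: e[0]):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id in (KERBEROS_TGT, NTLM_VALIDATE):
            validators.add(host)          # credential check only, nothing to time
        elif event_id == LOGON:
            open_sessions[(host, logon_id)] = (user, when)
        elif event_id in (LOGOFF, USER_LOGOFF):
            start = open_sessions.pop((host, logon_id), None)
            if start is None:
                continue                  # second logoff record or logon outside the window
            seconds = (when - start[1]).total_seconds()
            closed.append((host, start[0], seconds))
    still_open = sorted((host, user) for (host, _), (user, _) in open_sessions.items())
    return closed, still_open, validators

if __name__ == "__main__":
    closed, still_open, validators = session_durations(EVENTS)
    for host, user, seconds in closed:
        print(f"{host} {user} {seconds / 3600:.2f} h")
    print("open:", still_open, "validated on:", sorted(validators))
```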