Re: Auditing Logon Events
From: Steven L Umbach (sumbach_at_nospam-ameritech.net)
Date: 03/12/04
- Next message: Mike Brown - Process Manager: "Re: tar or zipping files to which you have no explicit access?"
- Previous message: help: "Re: Auditing Logon Events"
- In reply to: help: "Auditing Logon Events"
Date: Fri, 12 Mar 2004 14:42:14 GMT
That is normal to see. I believe a lot of those events are computer account
related. For a domain controller you may want to audit account logon events
instead and maybe just failures for logon events.
--- Steve
"help" <help@help.co.uk> wrote in message
news:c2shp4$34h$1@sparta.btinternet.com...
> At the moment, on a Windows 2000 with SP4 server that is a Domain
> Controller, if I have the following policies set with the DC Security
> Policy:
> Audit Account Logon Events: None
> Audit Logon Events: Success+Failures
>
> then I get multiple events logged for each instance of log-on and log-off
>
> To be precise, for logons, I get Event IDs:
> 528 Successful Logon
> 515 A trusted logon process has registered with the Local Security
> Authority. This logon process will be trusted to submit logon requests.
> 540 Successful Network Logon: TWICE
>
> For Logoffs
> 538 Successful Logoffs: multiple entries
>
>