When reviewing some logon times for a user of Terminal Server I notice many
logon events are recorded in the TS local security log.
But the user in question's logon events seem to only be recorded on the
domain controllers, which is what I expect. Audit policy for the domain
controllers and terminal servers are at the default settings.
Re: Login/Logoff Information ... That will be difficult as domain controllers will only record account logon ... events for when a user logs onto a domain computer.... only record logons while logon events record both logon and logoff. ... Security Policy and also increase the size of the security logs on the ... (microsoft.public.win2000.security)
Re: Logon failure "target account name incorrect" ... Try enabling auditing of logon events on one of the client computers where ... this is happening and in Domain Controller Security Policy enable auditing... of account logon events for success and failure, logon events for failure, ... Look in the Event Viewer on the domain controllers... (microsoft.public.win2000.security)
Re: NT4 & w2k autiding tools needed... ...Windows has built in auditing.... Account logon is probably most useful for domain controllers or ...logon events record attempts of a user to access network resources. ... (microsoft.public.security)
Re: Login Times ... You can enable auditing of account logon events on domain controllers to see when a ... You would need to enable auditing of logon ... member server and not authenticating users to it's local sam. ...Logon events can be ... (microsoft.public.win2000.security)
Re: Auditing Logon events on Windows 2003 DC ... >I am trying to monitor logon failures on our domain controllers.... This article lists the Account Logon events and Audit Logon events... (microsoft.public.windows.server.active_directory)
