Audit Account Log Events

[Guest]

Hi.

Need help with a GPO. I'm trying to deploy a Domain Based Policy that tracks
account log on events, but i'm having problems.

I created an OU and "drop" the PCs i need to catch the POlicy to that OU. I
created the Policy and linked to the OU, but nothing happen. Any ideas?

PS: if i setup the policy on each PCs, i mean, locally, it works, but i need
to deploy the policies at Domain level.

Thanks in advanced,

 

[Steven L Umbach]

For domain users, you need to enable auditing of account logon events in
Domain Controller Security Policy and you will see the account logon events
for domain users recorded in the security log of the domain controller that
authenticated the user. --- Steve

 

[Guest]

Hi Steven.

I tought the security log events are recorded on each event viewer's member
server (not Domain Controller). That's what i'm expecting to.

 

[Steven L Umbach]

Not for account logons. Account logons are recorded on the computer that
authenticates the user and for domain account that would be domain
controllers. You could however enable auditing of logon events on domain
computers which will show domain users accessing a domain computer by
recording a logon event in the security log of the computer accessed. . --
Steve