audit logon

  • Thread starter Thread starter Terence
  • Start date Start date
T

Terence

Hello,

What is the difference between 'Audit Account logon
events' and 'Audit logon events' inside domain security
policy?

thanks for help!
Terence
 
Audit account logon events are recorded on the computer where a user logs on
authenticating to either a local sam or Active Directory. Logon events are
recorded whenever a user accesses a computer/resource with their
credentials. For instance, if you log onto a domain, the authenticating
domain controller will record an account logon event in it's security log if
auditing for it is enabled. However if you access a server with those domain
credentials, a logon event would be recorded on that server if it is
enabled. When you log onto a domain at a domain computer, you are actually
logging onto the domain and not to that computer, and no account log on
event would be recorded on that computer but a logon event would. Hope that
helps. -- Steve
 
In addition, Logon/logoff events have more information, and come in pairs
(logon<--->logoff). Account logons don't have associated logoff events.

--
Eric Fitzgerald
Program Manager, Windows Auditing
Microsoft Corporation

The above message is provided "AS-IS" with no warranties, and confers no
rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unexplained 540 Events in Security log on W2K workstation in a dom 0
Audit Logon Events vs. Audit Account Logon Events 1
Authentication Auditing 5
Audit Account Logon Events 3
Audit Logon (success an failure) 1
Bad PAssword Attempts not logged 1
Security log in Event Viewer shows Failure Audits from other pcs???? 6
SecPol Audit Policy: Diff between "Audit account logon events" and "Audit logon events" ? 2

Back
Top