Auditing logon and logoff isn't getting into Security log

  • Thread starter Thread starter scott.renton
  • Start date Start date
S

scott.renton

Hello

I'm trying to setup logon auditing for a windows 2000 server, which is
the only server in the domain/AD. I followed Microsoft's KB
instructions for setting this up, however, when I test it by logging
off and on of a windows XP workstation that is a member of the domain,
nothing is getting written into the security log.

I am seeing the Security policy applied sucessfully in the Application
log, so I'm guessing the policy is getting updated with the auditing
information, but still nothing is showing up in the security log when I
log on and off.

The only thing I'm seeing as far as errors/warnings is a warning about
DNS getting invalid domain packets from one of the forwarders we use.

is there a delay between setting up the GPO & it's being implemented?

Any help, or even where to start looking, would be appreciated.
 
Followup: I turned on the auditing to see if anything was getting
logged, and I got a log for an account lockout, so I know it's logging
stuff, just not the domain logons.
 
Perhaps you should tell us what you did, what settings you
made, and where; and what the KB was that you used.
Otherwise we can only guess.
 
Followup: I turned on the auditing to see if anything was getting
logged, and I got a log for an account lockout, so I know it's logging
stuff, just not the domain logons.
Click to expand...

There are some links to articles here. Could it be that you checked to
audit only failures and not successes? As you may know, enable logging on
the domain controller and look in the log there to track domain
authentication (and do the same on each workstation if you wish to track
workstation authentication events such as local logins). It doesn't sound
like this is the case, but you might also try clearing the Security log in
Event Viewer in case the log is corrupt.

http://securityadmin.info/faq.asp?auditing
 
Back
Top