logon events

  • Thread starter Thread starter Andreas Moroder
  • Start date Start date
A

Andreas Moroder

Hello,

does anyone know the registry key to set to enable the "logon events"
instead of using the administrative tools ?

Thanks
Andreas
 
Not offhand but what you can try is a registry snapshot program such as the
free regshot. Take a snapshot on a computer just before you enable it and
then again after you enable. Then compare the snapshots. I am sure it would
be in HKLM. Curious that you would need to use the registry as you can use
Group Policy to configure audit policy on domain computer and import
security templates configured as you need into non domain computers using
the secedit command. If you use regshot to track down user settings just
remember to make the changes in HKEY_CURRENT_USER as regshot will show the
setting but for the HKEY_USERS with the user SID.

Steve

http://www.snapfiles.com/get/regshot.html --- Regshot
 
Steven said:
Not offhand but what you can try is a registry snapshot program such as the
free regshot. Take a snapshot on a computer just before you enable it and
then again after you enable. Then compare the snapshots. I am sure it would
be in HKLM. Curious that you would need to use the registry as you can use
Group Policy to configure audit policy on domain computer and import
security templates configured as you need into non domain computers using
the secedit command. If you use regshot to track down user settings just
remember to make the changes in HKEY_CURRENT_USER as regshot will show the
setting but for the HKEY_USERS with the user SID.

Steve

http://www.snapfiles.com/get/regshot.html --- Regshot
Click to expand...
Hello Steven,

we don't have a AD, we use ( can I say that in this mailinglist ) samba
as PDC.

Bye
Andreas
 
Can't be done, intentionally. The registry keys that store the LSA database
are encrypted. You can use the APIs (LsaSetInformationPolicy), or you can
use the Resource Kit Utility Auditpol.exe (which is also the name of the
Vista audit policy command-line tool) if you want to script it.

Eric
 
Back
Top