Audit Logons/Logoffs

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi

I need to Audit all logons and Logoffs in AD for a certain OU. I have
enabled the Audit Policy for that OU but where do I see the "results"
Is this the best way to do this or is there another way?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

"=?Utf-8?B?TWl0dG9uRQ==?=" <eugenem@transcircuit.com(Do not Spam)> said

> Hi
>
> I need to Audit all logons and Logoffs in AD for a certain OU. I have
> enabled the Audit Policy for that OU but where do I see the "results"
> Is this the best way to do this or is there another way?
>
>

You need to apply the "Audit Account Logon" and "Audit Account Logoff" policy
to the domain controllers, not to the users. This is normally done at the
domain level, not a child OU.

--
Andy.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Do I enable it at Domain Level, Default Domain Policy, Computer
Configuration, Windows Settings, Security Settings, Local Policies - Audit
Policy?
Where do I view these Audits once it has been enabled?

Thanks

"Andrew Mitchell" wrote:

> "=?Utf-8?B?TWl0dG9uRQ==?=" <eugenem@transcircuit.com(Do not Spam)> said
>
> > Hi
> >
> > I need to Audit all logons and Logoffs in AD for a certain OU. I have
> > enabled the Audit Policy for that OU but where do I see the "results"
> > Is this the best way to do this or is there another way?
> >
> >
>
> You need to apply the "Audit Account Logon" and "Audit Account Logoff" policy
> to the domain controllers, not to the users. This is normally done at the
> domain level, not a child OU.
>
> --
> Andy.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

"=?Utf-8?B?TWl0dG9uRQ==?=" <eugenem@transcircuit.com(Do not Spam)> said

>
> Do I enable it at Domain Level, Default Domain Policy, Computer
> Configuration, Windows Settings, Security Settings, Local Policies -
> Audit Policy?

Correct, though it's usually advised not to alter the default domain policy,
but to create a new GPO.

> Where do I view these Audits once it has been enabled?

They will appear in the security event log of your domain controllers.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom