Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Audit Account Logon Events

Audit Account Logon Events

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Audit Account Logon Events

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   10-21-2004 at 01:57:59 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

Greetings,

Our office is a single domain mixed mode (2000/NT) Active Directory network
and we're trying to get successful audits of our user logon failures. The
following policy was changed at the default GPO:

computer configuration/Windows Settings/Security Settings/Local
Policies/Audit Policy/Audit account logon events: Success/Failure.

Even though we have this policy in place, our domain controllers are not
logging the logon events for either successes or failures. We have no
overiding policies in place and no other settings are set in the Audit
Policy section.

Any thoughts? thanks! Please reply to this group.

Raul

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   10-21-2004 at 11:22:11 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

I thought logon success/failure was only logged on the computer you're
logging on to?


"Raul Lucky" <raul.lucky@rwt.com> wrote in message
news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
> Greetings,
>
> Our office is a single domain mixed mode (2000/NT) Active Directory
network
> and we're trying to get successful audits of our user logon failures. The
> following policy was changed at the default GPO:
>
> computer configuration/Windows Settings/Security Settings/Local
> Policies/Audit Policy/Audit account logon events: Success/Failure.
>
> Even though we have this policy in place, our domain controllers are not
> logging the logon events for either successes or failures. We have no
> overiding policies in place and no other settings are set in the Audit
> Policy section.
>
> Any thoughts? thanks! Please reply to this group.
>
> Raul
>
>

Reply to Anonymous
Anonymous   10-21-2004 at 11:22:12 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

Actually we got this to work via the Domain Controller Policy Settings.
Apparently this was overriding our Domain Group Policy. Hope this helps.

Raul
"Roadhawk" <roadhawk@_nospam_zonnet.nl> wrote in message
news:%23NE4fH4tEHA.3200@TK2MSFTNGP09.phx.gbl...
> I thought logon success/failure was only logged on the computer you're
> logging on to?
>
>
> "Raul Lucky" <raul.lucky@rwt.com> wrote in message
> news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
> > Greetings,
> >
> > Our office is a single domain mixed mode (2000/NT) Active Directory
> network
> > and we're trying to get successful audits of our user logon failures.
The
> > following policy was changed at the default GPO:
> >
> > computer configuration/Windows Settings/Security Settings/Local
> > Policies/Audit Policy/Audit account logon events: Success/Failure.
> >
> > Even though we have this policy in place, our domain controllers are not
> > logging the logon events for either successes or failures. We have no
> > overiding policies in place and no other settings are set in the Audit
> > Policy section.
> >
> > Any thoughts? thanks! Please reply to this group.
> >
> > Raul
> >
> >
>
>

Reply to Anonymous
Anonymous   10-22-2004 at 08:49:14 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

That is correct. They probably had enabled auditing of "account logon"
events in which case failures would be recorded on the domain controller
that the domain user tried to authenticate to. --- Steve


"Roadhawk" <roadhawk@_nospam_zonnet.nl> wrote in message
news:%23NE4fH4tEHA.3200@TK2MSFTNGP09.phx.gbl...
>I thought logon success/failure was only logged on the computer you're
> logging on to?
>
>
> "Raul Lucky" <raul.lucky@rwt.com> wrote in message
> news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
>> Greetings,
>>
>> Our office is a single domain mixed mode (2000/NT) Active Directory
> network
>> and we're trying to get successful audits of our user logon failures.
>> The
>> following policy was changed at the default GPO:
>>
>> computer configuration/Windows Settings/Security Settings/Local
>> Policies/Audit Policy/Audit account logon events: Success/Failure.
>>
>> Even though we have this policy in place, our domain controllers are not
>> logging the logon events for either successes or failures. We have no
>> overiding policies in place and no other settings are set in the Audit
>> Policy section.
>>
>> Any thoughts? thanks! Please reply to this group.
>>
>> Raul
>>
>>
>
>

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Audit Account Logon Events
Go to:

There are 1220 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 1.645 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?