Sign in with
Sign up | Sign in
Your question

Audit Account Logon Events

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
October 21, 2004 11:57:59 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Greetings,

Our office is a single domain mixed mode (2000/NT) Active Directory network
and we're trying to get successful audits of our user logon failures. The
following policy was changed at the default GPO:

computer configuration/Windows Settings/Security Settings/Local
Policies/Audit Policy/Audit account logon events: Success/Failure.

Even though we have this policy in place, our domain controllers are not
logging the logon events for either successes or failures. We have no
overiding policies in place and no other settings are set in the Audit
Policy section.

Any thoughts? thanks! Please reply to this group.

Raul
Anonymous
a b 8 Security
October 21, 2004 9:22:11 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I thought logon success/failure was only logged on the computer you're
logging on to?


"Raul Lucky" <raul.lucky@rwt.com> wrote in message
news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
> Greetings,
>
> Our office is a single domain mixed mode (2000/NT) Active Directory
network
> and we're trying to get successful audits of our user logon failures. The
> following policy was changed at the default GPO:
>
> computer configuration/Windows Settings/Security Settings/Local
> Policies/Audit Policy/Audit account logon events: Success/Failure.
>
> Even though we have this policy in place, our domain controllers are not
> logging the logon events for either successes or failures. We have no
> overiding policies in place and no other settings are set in the Audit
> Policy section.
>
> Any thoughts? thanks! Please reply to this group.
>
> Raul
>
>
Anonymous
a b 8 Security
October 21, 2004 9:22:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Actually we got this to work via the Domain Controller Policy Settings.
Apparently this was overriding our Domain Group Policy. Hope this helps.

Raul
"Roadhawk" <roadhawk@_nospam_zonnet.nl> wrote in message
news:%23NE4fH4tEHA.3200@TK2MSFTNGP09.phx.gbl...
> I thought logon success/failure was only logged on the computer you're
> logging on to?
>
>
> "Raul Lucky" <raul.lucky@rwt.com> wrote in message
> news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
> > Greetings,
> >
> > Our office is a single domain mixed mode (2000/NT) Active Directory
> network
> > and we're trying to get successful audits of our user logon failures.
The
> > following policy was changed at the default GPO:
> >
> > computer configuration/Windows Settings/Security Settings/Local
> > Policies/Audit Policy/Audit account logon events: Success/Failure.
> >
> > Even though we have this policy in place, our domain controllers are not
> > logging the logon events for either successes or failures. We have no
> > overiding policies in place and no other settings are set in the Audit
> > Policy section.
> >
> > Any thoughts? thanks! Please reply to this group.
> >
> > Raul
> >
> >
>
>
Anonymous
a b 8 Security
October 22, 2004 6:49:14 AM

Archived from groups: microsoft.public.win2000.security (More info?)

That is correct. They probably had enabled auditing of "account logon"
events in which case failures would be recorded on the domain controller
that the domain user tried to authenticate to. --- Steve


"Roadhawk" <roadhawk@_nospam_zonnet.nl> wrote in message
news:%23NE4fH4tEHA.3200@TK2MSFTNGP09.phx.gbl...
>I thought logon success/failure was only logged on the computer you're
> logging on to?
>
>
> "Raul Lucky" <raul.lucky@rwt.com> wrote in message
> news:#Ebnc53tEHA.3156@TK2MSFTNGP12.phx.gbl...
>> Greetings,
>>
>> Our office is a single domain mixed mode (2000/NT) Active Directory
> network
>> and we're trying to get successful audits of our user logon failures.
>> The
>> following policy was changed at the default GPO:
>>
>> computer configuration/Windows Settings/Security Settings/Local
>> Policies/Audit Policy/Audit account logon events: Success/Failure.
>>
>> Even though we have this policy in place, our domain controllers are not
>> logging the logon events for either successes or failures. We have no
>> overiding policies in place and no other settings are set in the Audit
>> Policy section.
>>
>> Any thoughts? thanks! Please reply to this group.
>>
>> Raul
>>
>>
>
>
!