In the "All Event ID" textbox, include the following ID numbers separated using a comma: Right-click the System category and select the Filter Current Log option.
In In “Group Policy Management Console”, select the new GPO (containing above change).Step 11 – Now, you have to configure this new Group Policy Object (containing this audit policy) on all Active Directory objects including all users and groups.Step 10 – Close “Group Policy Management Editor”.
Step 9 – Similarly, you have to enable “Success” and “Failure” for “Audit Account Logon Events”.Step 8 – Select the “Success” and “Failure” checkboxes, and click “OK”.Step 7 – In the right pane, double-click “Audit logon events” policy to open its properties window.Step 6 – In the navigation pane, go to “Computer Configuration” ➔ “Policies” ➔ “Windows Settings” ➔ “Security Settings” ➔ “Local Policies” ➔ “Audit Policy”.įigure : Configuring audit logon events policy.Step 5 – “Group Policy Management Editor” window appears on the screen.Step 4 – Go to the new GPO, right-click on it, and select “Edit” from the context menu.Step 3 – Create a new GPO dialog box appears on the screen.Step 2 – If you want to configure auditing for the entire domain, right-click on the domain and click “Create a GPO in this domain, and Link it here…”.Step 1 – Open “Group Policy Management” console by running the “gpmc.msc” command.When a domain controller authenticates a domain user account, events are generated and stored on that domain controller.īelow are the steps to enable auditing of user Logon/Logoff events These events happen on the machine where you log in.Īudit Account Logon Events: This setting generates events on the computer that validates logons. You can do this through two GPO settings:Īudit Logon Events: This setting generates events for starting and ending logon sessions. Enable Native Auditing of User Logon/Logoff Events
0 kommentar(er)
