Karim Zaki

OVERVIEW: Audit Logon Events


The Audit logon events policy records all attempts to log on to the local computer, whether by using a domain account or a local account. On DCs, this policy records attempts to access the DC only. The policy does not, for instance, track a user who uses a domain account to log on at a workstation. (In that case, the user isn’t logging on to the DC; the DC is simply authenticating the user.) To track all domain account authentication, you should use Audit account logon events.

Published by Karim Zaki

• MBA Major MIS • MCP (Microsoft Certified Professional) Windows XP. • Microsoft Certified in (Managing and Maintaining Microsoft server 2003). • Microsoft Certified in (implementing, Managing, and maintaining a Microsoft windows server 2003 infrastructure) • Microsoft Certified in (Maintaining a MS Win Server 2003 Active Directory) • MCSA 2003 • ISA 2006 Microsoft Internet Security and Acceleration Server 2006, Configuring • MCTS Microsoft Certified Technology specialist • MCITP 2008 (Microsoft Certified IT professional) • MCSA 2012 Server (Microsoft Certified solution Associate) • AZURE Administrator Associate (AZ-103) • MS 365 Identities and services (MS-100) • MS 365 Mobility and security (MS-101) • Microsoft 365 Certified: Security Administrator Associate (MS-203) • Microsoft 365 certified enterprise administrator expert (MS-500) • Messaging Administrator Associate (MS-203) • Azure Security Engineer Associate (AZ-500) • Information Security: Context and Introduction • Microsoft Security Operations Analyst

One comment

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.