Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Audit logon events
KB1904 | Last review: Mar 31, 2014 | Netwrix Logon Reporter, Netwrix Auditor for Windows Server | 5.0 and above
|Question||How to configure audit settings for auditing user logons?|
|Answer||In order to configure auditing policies for Netwrix Auditor - Generic Events (Event Log Manager) and Logon Reporter - please configure following group policy settings::
1. Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
If you define the audit logon events policy setting, you can specify whether to audit successes and/or audit failures. Success audits generate an audit entry when logon occurs successfully. Failure audits generate an audit entry when an attempted occurrence of the logon fails.
2. Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
This setting is required to audit password resets, password changes, account lockouts and account unlocks.
Was this information helpful?