Audit logon events

This security setting determines whether the OS audits each instance of a user attempting to log on to or log off from this computer.

Logoff events are generated whenever a logged-on user account's logon session is terminated. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).

Default values on Client editions:

  Logon: Success
  Logoff: Success
  Account Lockout: Success
  IPsec Main Mode: No Auditing
  IPsec Quick Mode: No Auditing
  IPsec Extended Mode: No Auditing
  Special Logon: Success
  Other Logon/Logoff Events: No Auditing
  Network Policy Server: Success, Failure

Default values on Server editions:

  Logon: Success, Failure
  Logoff: Success
  Account Lockout: Success
  IPsec Main Mode: No Auditing
  IPsec Quick Mode: No Auditing
  IPsec Extended Mode: No Auditing
  Special Logon: Success
  Other Logon/Logoff Events: No Auditing
  Network Policy Server: Success, Failure

Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see http://go.microsoft.com/fwlink/?LinkId=140969.
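
A check of a host's effective Logon/Logoff subcategory settings against the Server-edition defaults listed above, as an added example that is not part of the original policy text. It assumes the built-in auditpol tool on an English-locale system; the CSV sample, the host name SRV01 and the GUID placeholders are constructed.

```powershell
# Server-edition defaults, copied from the list above.
# auditpol prints "Success and Failure" where the policy text says "Success, Failure".
$expected = [ordered]@{
    'Logon'                     = 'Success and Failure'
    'Logoff'                    = 'Success'
    'Account Lockout'           = 'Success'
    'IPsec Main Mode'           = 'No Auditing'
    'IPsec Quick Mode'          = 'No Auditing'
    'IPsec Extended Mode'       = 'No Auditing'
    'Special Logon'             = 'Success'
    'Other Logon/Logoff Events' = 'No Auditing'
    'Network Policy Server'     = 'Success and Failure'
}

# Constructed sample in the CSV report format of auditpol (/r switch).
# On a live host, from an elevated prompt, replace the here-string with:
#   $csv = auditpol /get /category:"Logon/Logoff" /r | Where-Object { $_ }
$csv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
SRV01,System,Logon,{constructed},Success,
SRV01,System,Logoff,{constructed},Success,
SRV01,System,Account Lockout,{constructed},Success,
SRV01,System,IPsec Main Mode,{constructed},No Auditing,
SRV01,System,IPsec Quick Mode,{constructed},No Auditing,
SRV01,System,IPsec Extended Mode,{constructed},No Auditing,
SRV01,System,Special Logon,{constructed},No Auditing,
SRV01,System,Other Logon/Logoff Events,{constructed},No Auditing,
SRV01,System,Network Policy Server,{constructed},Success and Failure,
'@

# Index the effective setting by subcategory name.
$actual = @{}
$csv | ConvertFrom-Csv | ForEach-Object { $actual[$_.Subcategory] = $_.'Inclusion Setting' }

# Report every subcategory whose effective setting differs from the default,
# including subcategories the host did not report at all.
$drift = foreach ($name in $expected.Keys) {
    $found = if ($actual.ContainsKey($name)) { $actual[$name] } else { '(not reported)' }
    if ($found -ne $expected[$name]) {
        [pscustomobject]@{ Subcategory = $name; Expected = $expected[$name]; Found = $found }
    }
}
$drift | Format-Table -AutoSize
```

With the constructed sample, the report flags Logon (failures not audited) and Special Logon (auditing turned off), the two rows that differ from the Server defaults.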