General discussion

Locked

2000 audit polies

By northwood ·
In windows 2000 Professional, there are audit policies located in Local computer policy>local policy>audit policy. There are two LOg on policies. One is called "Account Logon Event" and the other is called "Logon Events. How are these two policies different from each other? To me they seem to do the same thing.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

2000 audit polies

by timwalsh In reply to 2000 audit polies

From Windows Help:

Audit account logon events - Determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account.

Audit logon events - Determines whether to audit each instance of a user logging on to, logging off from, or making a network connection to this computer.

The differences mainly depend on where the user is logging on and which computer validates the log-on.

Hope this helps.

Collapse -

2000 audit polies

by northwood In reply to 2000 audit polies

The question was auto-closed by TechRepublic

Collapse -

2000 audit polies

by Joseph Moore In reply to 2000 audit polies

To add to Tim's answer:
I keep Audit Logon Events set to Failure. That way, if someone tries to log into my machine (either locally or remotely) and they don't have a valid password, it will show in the Security Event Viewer logs, with Event Id 529. This is the failed logon event ID number.

hope this helps

Collapse -

2000 audit polies

by northwood In reply to 2000 audit polies

The question was auto-closed by TechRepublic

Collapse -

2000 audit polies

by northwood In reply to 2000 audit polies

This question was auto closed due to inactivity

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Operating Systems Forums