What's different "Logon Event" and "Account Logon Event"

What's different "Logon Event" and "Account Logon Event"

Post by Ben Huan » Fri, 23 Mar 2001 12:48:58



Who can tell me what's  different "Logon Event" and "Account Logon Event" on
Windows 2000 AD?
Thanks

--
Ben Huang

Mar 22,2001

===============================================
There is no security without physical security.
===============================================

 
 
 

What's different "Logon Event" and "Account Logon Event"

Post by Eric Paschoalick Chave » Sat, 24 Mar 2001 06:10:14


Hi Ben,

  Extracted from de resource kit:

Audit logon events
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy

Description
Determines whether to audit each instance of a user logging on, logging off,
or making a network connection to this computer.

If you are auditing successful Audit account logon events on a domain
controller, then workstation logons do not generate logon audits. Only
interactive and network logons to the domain controller itself generate
logon events. In short, "account logon events" are generated where the
account lives. "Logon events" are generated where the logon occurs.

By default, this value is set to No auditing in the Default Domain
Controller Group Policy object (GPO) and in the local policies of
workstations and servers.

If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when logon occurs successfully. Failure
audits generate an audit entry when an attempted occurrence of the logon
fails. You can select No auditing by defining the policy setting and
unchecking Success and Failure.

Audit account logon events
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy

Description
Determines whether to audit each instance of a user logging on or logging
off of another computer where this computer was used to validate the
account.

For domain controllers, this policy is defined in the Default Domain
Controllers Group Policy object (GPO). The default setting is No auditing.

If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when account logon occurs successfully.
Failure audits generate an audit entry when an attempted occurrence of the
account logon fails. You can select No auditing by defining the policy
setting and unchecking Success and Failure.

As an example, if success auditing for account logon events is enabled on a
domain controller, then an entry is logged for each user validated against
that domain controller even though the user is actually logging on to a
workstation that is joined to the domain.


> Who can tell me what's  different "Logon Event" and "Account Logon Event"
on
> Windows 2000 AD?
> Thanks

> --
> Ben Huang

> Mar 22,2001

> ===============================================
> There is no security without physical security.
> ===============================================