ACS - Auditing Domain Logons
Hey
Looking to get a bit of help here. Assuming I have ACS enabled on our DC (only on our DC) what would be the most correct way to audit users logons to the domain. Right now I am up in the air as to which Audit Policy/Events to target when reporting on the security
event log data. As far as I can tell there are 3 options each with their pro's and cons.
4768 - Kerberos Authentication Service
4769 - Kerberos Service Ticket Operations (I find this generates too many events as it also generates when accessing shares)
4624 - Logon
Any suggestions?
August 16th, 2011 9:35am
Good links on security events here. Thats all I have for ya.
http://blogs.technet.com/b/kevinholman/archive/2011/08/05/a-list-of-all-possible-security-events-in-the-windows-security-event-log.aspx
Free Windows Admin Tool Kit Click here and download it now
August 16th, 2011 12:36pm
Hi,
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios.
In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
Thanks,Yog Li -- Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 25th, 2011 4:25am