I am trying to track when the smart card is used to login or unlock a workstation. I see some logins at the domain controller and can see that a certificate is included, but it doesn't even look like every login goes back to the domain. In the local logs I don't see anything specific to certificate authenitcation. Is there additional logging that can be turned on?

Hi, Thanks for posting in Microsoft TechNet forums. It seems that you cannot audit all the logins at the domain controller, as I discussed with my colleagues, we recommend you ask this question in Windows Server forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other communities who read the forums regularly can either share their knowledge or learn from your interaction with us. Thanks for your understanding and cooperation! Best Regards, Miya Yao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.