Solved

How to verfiy or setup so that when administrator accoutn login Win2000 server, EventId 528 is logged?

Posted on 2004-10-18
8
135 Views
Last Modified: 2010-04-14
Hi,
can anyone guide me or explain to me about this:-

I create a domain controller, and I was testing on the Event Viewer.
I want to test eventID 528 , which mean logon sucessfully.

How come when I login as an administrator , there isn't any Event log captured for it.

But of coz when I test with EventID:529, meaning that logged when there is a bad password or user name.

But I cannot see an expect resutl of an event 528 which the administrator successful log in, can there anyone explain to be, what other setting I need to enter.

Thank you
0
Comment
Question by:kaifong78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:jrgn
ID: 12336817
Did you set the auditing to log also the success events?

Jurgen
0
 
LVL 11

Accepted Solution

by:
KaliKoder earned 500 total points
ID: 12336938
Hello kaifong78,

You definitely need to enable auditing for succesful events. I am assuming, you want to audit the success and failure events locally on this DC only ? In order enable auditing for local successfull events, follow the following procedure as mentioned step by step:

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings MMC snap-in.
5. Double-click Local Policies to expand it, and then double-click Audit Policy.
6. In the right pane, double-click the policy that you want to enable or disable.
7. Click the Success (An audited security access attempt that succeeds) and Fail (audited security access attempt that fails) check boxes for logging on and logging off. For example, with this setting, a user's successful attempt to log on to the system is logged as a Success Audit event. If a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

If you want to enable auditing domain wide, on other servers and machines and including Active Directory access and file and folder access, let us know, and I would be glad to share the procedure with you.

Thanks and Good Luck!
0
 

Author Comment

by:kaifong78
ID: 12339409
Hi thanks for the reply.

Well, my real life case is that, if I am using an administrative account to
login to a member server (instead of the DC), then should I follow those steps you mention ?

Meaning that am I need to configure the Local Security Policy of the member server
or the  Domain Security Policy  if I want to see the log if someone to login sucessfully into a member server?

please advise
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 12339769
Yes please go ahead and follow what I said, you need to do this on local security policy of that machine
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12343058
also do this on the DC
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HeapQueryInformation could not be located 1 923
Windows 2000 undelete (free program?) 6 438
Need to recover old Windows backup files in Windows 7 6 679
windows 2000 image 3 148
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Enabling the Skype for Business Meeting Scheduler in Hybrid OWA

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question