Solved

How to verfiy or setup so that when administrator accoutn login Win2000 server, EventId 528 is logged?

Posted on 2004-10-18
8
132 Views
Last Modified: 2010-04-14
Hi,
can anyone guide me or explain to me about this:-

I create a domain controller, and I was testing on the Event Viewer.
I want to test eventID 528 , which mean logon sucessfully.

How come when I login as an administrator , there isn't any Event log captured for it.

But of coz when I test with EventID:529, meaning that logged when there is a bad password or user name.

But I cannot see an expect resutl of an event 528 which the administrator successful log in, can there anyone explain to be, what other setting I need to enter.

Thank you
0
Comment
Question by:kaifong78
8 Comments
 
LVL 1

Expert Comment

by:jrgn
Comment Utility
Did you set the auditing to log also the success events?

Jurgen
0
 
LVL 11

Accepted Solution

by:
KaliKoder earned 500 total points
Comment Utility
Hello kaifong78,

You definitely need to enable auditing for succesful events. I am assuming, you want to audit the success and failure events locally on this DC only ? In order enable auditing for local successfull events, follow the following procedure as mentioned step by step:

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings MMC snap-in.
5. Double-click Local Policies to expand it, and then double-click Audit Policy.
6. In the right pane, double-click the policy that you want to enable or disable.
7. Click the Success (An audited security access attempt that succeeds) and Fail (audited security access attempt that fails) check boxes for logging on and logging off. For example, with this setting, a user's successful attempt to log on to the system is logged as a Success Audit event. If a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

If you want to enable auditing domain wide, on other servers and machines and including Active Directory access and file and folder access, let us know, and I would be glad to share the procedure with you.

Thanks and Good Luck!
0
 

Author Comment

by:kaifong78
Comment Utility
Hi thanks for the reply.

Well, my real life case is that, if I am using an administrative account to
login to a member server (instead of the DC), then should I follow those steps you mention ?

Meaning that am I need to configure the Local Security Policy of the member server
or the  Domain Security Policy  if I want to see the log if someone to login sucessfully into a member server?

please advise
0
 
LVL 11

Expert Comment

by:KaliKoder
Comment Utility
Yes please go ahead and follow what I said, you need to do this on local security policy of that machine
0
 
LVL 3

Expert Comment

by:happythedog
Comment Utility
also do this on the DC
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now