?
Solved

How to verfiy or setup so that when administrator accoutn login Win2000 server, EventId 528 is logged?

Posted on 2004-10-18
8
Medium Priority
?
139 Views
Last Modified: 2010-04-14
Hi,
can anyone guide me or explain to me about this:-

I create a domain controller, and I was testing on the Event Viewer.
I want to test eventID 528 , which mean logon sucessfully.

How come when I login as an administrator , there isn't any Event log captured for it.

But of coz when I test with EventID:529, meaning that logged when there is a bad password or user name.

But I cannot see an expect resutl of an event 528 which the administrator successful log in, can there anyone explain to be, what other setting I need to enter.

Thank you
0
Comment
Question by:kaifong78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:jrgn
ID: 12336817
Did you set the auditing to log also the success events?

Jurgen
0
 
LVL 11

Accepted Solution

by:
KaliKoder earned 2000 total points
ID: 12336938
Hello kaifong78,

You definitely need to enable auditing for succesful events. I am assuming, you want to audit the success and failure events locally on this DC only ? In order enable auditing for local successfull events, follow the following procedure as mentioned step by step:

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings MMC snap-in.
5. Double-click Local Policies to expand it, and then double-click Audit Policy.
6. In the right pane, double-click the policy that you want to enable or disable.
7. Click the Success (An audited security access attempt that succeeds) and Fail (audited security access attempt that fails) check boxes for logging on and logging off. For example, with this setting, a user's successful attempt to log on to the system is logged as a Success Audit event. If a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

If you want to enable auditing domain wide, on other servers and machines and including Active Directory access and file and folder access, let us know, and I would be glad to share the procedure with you.

Thanks and Good Luck!
0
 

Author Comment

by:kaifong78
ID: 12339409
Hi thanks for the reply.

Well, my real life case is that, if I am using an administrative account to
login to a member server (instead of the DC), then should I follow those steps you mention ?

Meaning that am I need to configure the Local Security Policy of the member server
or the  Domain Security Policy  if I want to see the log if someone to login sucessfully into a member server?

please advise
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 12339769
Yes please go ahead and follow what I said, you need to do this on local security policy of that machine
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12343058
also do this on the DC
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month15 days, 7 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question