?
Solved

How to verfiy or setup so that when administrator accoutn login Win2000 server, EventId 528 is logged?

Posted on 2004-10-18
8
Medium Priority
?
146 Views
Last Modified: 2010-04-14
Hi,
can anyone guide me or explain to me about this:-

I create a domain controller, and I was testing on the Event Viewer.
I want to test eventID 528 , which mean logon sucessfully.

How come when I login as an administrator , there isn't any Event log captured for it.

But of coz when I test with EventID:529, meaning that logged when there is a bad password or user name.

But I cannot see an expect resutl of an event 528 which the administrator successful log in, can there anyone explain to be, what other setting I need to enter.

Thank you
0
Comment
Question by:kaifong78
5 Comments
 
LVL 1

Expert Comment

by:jrgn
ID: 12336817
Did you set the auditing to log also the success events?

Jurgen
0
 
LVL 11

Accepted Solution

by:
KaliKoder earned 2000 total points
ID: 12336938
Hello kaifong78,

You definitely need to enable auditing for succesful events. I am assuming, you want to audit the success and failure events locally on this DC only ? In order enable auditing for local successfull events, follow the following procedure as mentioned step by step:

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings MMC snap-in.
5. Double-click Local Policies to expand it, and then double-click Audit Policy.
6. In the right pane, double-click the policy that you want to enable or disable.
7. Click the Success (An audited security access attempt that succeeds) and Fail (audited security access attempt that fails) check boxes for logging on and logging off. For example, with this setting, a user's successful attempt to log on to the system is logged as a Success Audit event. If a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

If you want to enable auditing domain wide, on other servers and machines and including Active Directory access and file and folder access, let us know, and I would be glad to share the procedure with you.

Thanks and Good Luck!
0
 

Author Comment

by:kaifong78
ID: 12339409
Hi thanks for the reply.

Well, my real life case is that, if I am using an administrative account to
login to a member server (instead of the DC), then should I follow those steps you mention ?

Meaning that am I need to configure the Local Security Policy of the member server
or the  Domain Security Policy  if I want to see the log if someone to login sucessfully into a member server?

please advise
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 12339769
Yes please go ahead and follow what I said, you need to do this on local security policy of that machine
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12343058
also do this on the DC
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Most folks would know the basics of how Dropbox works, so that’s not the purpose of this article. Security is what it’s all about, so here I’ll share how I choose to secure my Dropbox Account and the Data it contains.
Loops Section Overview
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month17 days, 6 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question