Solved

How to verfiy or setup so that when administrator accoutn login Win2000 server, EventId 528 is logged?

Posted on 2004-10-18
8
137 Views
Last Modified: 2010-04-14
Hi,
can anyone guide me or explain to me about this:-

I create a domain controller, and I was testing on the Event Viewer.
I want to test eventID 528 , which mean logon sucessfully.

How come when I login as an administrator , there isn't any Event log captured for it.

But of coz when I test with EventID:529, meaning that logged when there is a bad password or user name.

But I cannot see an expect resutl of an event 528 which the administrator successful log in, can there anyone explain to be, what other setting I need to enter.

Thank you
0
Comment
Question by:kaifong78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:jrgn
ID: 12336817
Did you set the auditing to log also the success events?

Jurgen
0
 
LVL 11

Accepted Solution

by:
KaliKoder earned 500 total points
ID: 12336938
Hello kaifong78,

You definitely need to enable auditing for succesful events. I am assuming, you want to audit the success and failure events locally on this DC only ? In order enable auditing for local successfull events, follow the following procedure as mentioned step by step:

1. Log on to Windows 2000 with an account that has Administrator rights.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools.
4. Double-click Local Security Policy to start the Local Security Settings MMC snap-in.
5. Double-click Local Policies to expand it, and then double-click Audit Policy.
6. In the right pane, double-click the policy that you want to enable or disable.
7. Click the Success (An audited security access attempt that succeeds) and Fail (audited security access attempt that fails) check boxes for logging on and logging off. For example, with this setting, a user's successful attempt to log on to the system is logged as a Success Audit event. If a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

If you want to enable auditing domain wide, on other servers and machines and including Active Directory access and file and folder access, let us know, and I would be glad to share the procedure with you.

Thanks and Good Luck!
0
 

Author Comment

by:kaifong78
ID: 12339409
Hi thanks for the reply.

Well, my real life case is that, if I am using an administrative account to
login to a member server (instead of the DC), then should I follow those steps you mention ?

Meaning that am I need to configure the Local Security Policy of the member server
or the  Domain Security Policy  if I want to see the log if someone to login sucessfully into a member server?

please advise
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 12339769
Yes please go ahead and follow what I said, you need to do this on local security policy of that machine
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12343058
also do this on the DC
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question