Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium



Posted on 2005-03-10
Medium Priority
Last Modified: 2013-12-04
When enabling auditing of logon events and account logons should this only be enabled on the domain controller policy or should the member servers also have this enabled on their local policy.  Would this be necessary?
Question by:vivo123
LVL 16

Accepted Solution

mdiglio earned 200 total points
ID: 13512019

I think you'll find that once/if you enable auditing on other servers it is not near as intensive to search
through and find the appropriate information as it is on your Domain Controllers.

With that being said then I would recommend enabling auditing on those as well.
It won't hurt..it won't take up near as much space to track information...and it might come in handy one day.

My vote would be a YES

Assisted Solution

kapes earned 100 total points
ID: 13516060
when .. user logs in using .. domain user id anywhere in domain.. that event is logged in   Domain Controller's eventlog ....

if user logs in using ... particular server's local account... that event is looged in that server's event log...

so... I would recommend enabling both

Assisted Solution

tmehmet earned 100 total points
ID: 13517194
The domain policy will work for domain activity, but this may not work for any local activity, specially if they are not domain controllers.

 you should as per industry best practice log all local activity. eg. Someone failing to access a share on the member box wont necessarily appear in the domain logs.
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 13517609
First an foremost... are you going to have time to review them? Be they just on the controllers and or on the workstations? having them enabled is one thing, having the time to sort through them is another. If they are just enabled, and you don't review them- you'll be missing out on what's going on day-2-day... having them enabled and just looking through them when a real problem occurs is ok, but it's better to have them looked through every day. There is software out there that can watch your log's and alert you when certain event's you've configured happen, GFI SELM http://www.gfi.com/lanselm/ is one such product. You could also get kiwi (for unix) or snare for windows http://www.intersectalliance.com/projects/SnareWindows/ also found here: http://sourceforge.net/projects/snare/

If you have tools like these, then why not enable the event's on all servers and workstations:

Author Comment

ID: 13520744
Thank you all for your comments.  They are greatly appreciated.  


Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question