<div>
Check the default domain controller policy too.<br />
<br />
Thanks<br />
<br />
Mike
</div>


Check the default domain controller policy too.

Thanks

Mike

<div>
Yep default domain controller policy is no auditing
</div>


Yep default domain controller policy is no auditing

<div>
What types of entries are you seeing?
</div>


<div>
Event ids 4624,4634,4769,and 4776
</div>


<div>
Are you seeing those for every login to the domain?
</div>


Are you seeing those for every login to the domain?

<div>
Yes, including many anonymous and workstation logins
</div>


Yes, including many anonymous and workstation logins

<div>
Microsoft does not allowed all auduting o be diabled
</div>


Microsoft does not allowed all auduting o be diabled

<div>
<div class="content wysiwyg-content">
I wanted to design auditing from scratch and went into Default Domain group policy and set all items in &nbsp;Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing but yet the entries keep coming in. &nbsp;Running AD 2008<br />
<br />

</div>
</div>


I wanted to design auditing from scratch and went into Default Domain group policy and set all items in  Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing but yet the entries keep coming in.  Running AD 2008



Where are DC security log entries coming from

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.