Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to disable logon/logoff auditing for windows server 2003

Posted on 2013-02-07
7
Medium Priority
?
1,130 Views
Last Modified: 2013-02-07
Please see the attachment. My server security log is flooded with logon/logoff events. I must of turned this on a while back and I can't see where to turn it off now. I have checked the default domain controller security settings and default domain security settings but everything is set to not defined. Where can I disable this event logging?

Thanks,

Justin
0
Comment
Question by:JustinGSEIWI
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1336 total points
ID: 38864379
In group policy - computer settings - local policies - security go to the auditing section.

Disable account logon auditing.
0
 

Author Comment

by:JustinGSEIWI
ID: 38864423
I checked that setting for each GP. They are all set to not defined. Is there a way I pull up which policy is causing the audit?
0
 

Author Comment

by:JustinGSEIWI
ID: 38864444
If I do an RSOP on the DC, it says not defined when I look up the audit policy for account logon.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 664 total points
ID: 38864498
In addition when you go to the audit settings you will see

"Audit Account Logon events"
"Audit Logon events"

It is confusing why they named them so similar but more info here

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447934.aspx

Thanks

Mike
0
 

Author Comment

by:JustinGSEIWI
ID: 38864556
That setting is also set to not defined.

Thanks,

Justin
0
 
LVL 70

Accepted Solution

by:
KCTS earned 1336 total points
ID: 38864662
Not defined does not mean its not going to happen - you need to set it to DISABLED
0
 

Author Closing Comment

by:JustinGSEIWI
ID: 38864829
Thank you!
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question