Solved

How to disable logon/logoff auditing for windows server 2003

Posted on 2013-02-07
7
1,114 Views
Last Modified: 2013-02-07
Please see the attachment. My server security log is flooded with logon/logoff events. I must of turned this on a while back and I can't see where to turn it off now. I have checked the default domain controller security settings and default domain security settings but everything is set to not defined. Where can I disable this event logging?

Thanks,

Justin
0
Comment
Question by:JustinGSEIWI
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 334 total points
ID: 38864379
In group policy - computer settings - local policies - security go to the auditing section.

Disable account logon auditing.
0
 

Author Comment

by:JustinGSEIWI
ID: 38864423
I checked that setting for each GP. They are all set to not defined. Is there a way I pull up which policy is causing the audit?
0
 

Author Comment

by:JustinGSEIWI
ID: 38864444
If I do an RSOP on the DC, it says not defined when I look up the audit policy for account logon.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 38864498
In addition when you go to the audit settings you will see

"Audit Account Logon events"
"Audit Logon events"

It is confusing why they named them so similar but more info here

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447934.aspx

Thanks

Mike
0
 

Author Comment

by:JustinGSEIWI
ID: 38864556
That setting is also set to not defined.

Thanks,

Justin
0
 
LVL 70

Accepted Solution

by:
KCTS earned 334 total points
ID: 38864662
Not defined does not mean its not going to happen - you need to set it to DISABLED
0
 

Author Closing Comment

by:JustinGSEIWI
ID: 38864829
Thank you!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question