<div>
<div class="content wysiwyg-content">
Hi All<br />
<br />
I have been asked to caputure all logon's that are either at the console or via RDP etc, we don't want to capture all the other logons like network etc<br />
<br />
What are the event ID's for these on Windows 2003 / 2008R2 servers<br />
<br />
Also is it possible to just configure Auditing for this type of Logon via group policy, we have a 2008R2 domain.<br />
<br />
Thanks
</div>
</div>


Hi All

I have been asked to caputure all logon's that are either at the console or via RDP etc, we don't want to capture all the other logons like network etc

What are the event ID's for these on Windows 2003 / 2008R2 servers

Also is it possible to just configure Auditing for this type of Logon via group policy, we have a 2008R2 domain.

Thanks

Audit physical logons only, not network logons etc

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).