Windows domain Security Audit

MS has explained these 2 policies, but not clear:

**Directory service access. Audit this to see when someone accesses an Active Directory® directory service object that has its own system access control list (SACL).

**Logon events. Audit this to see when someone has logged on or off your computer (either while physically at your computer or by trying to log on over a network).

for the second one, I am not sure if they mean if someone has logged on or off your workstation or Domain controller. if it is from your your workstation, will the log show up in the DC? assuming that your workstation is member of the domain.

Thanks
jskfanAsked:
Who is Participating?
 
Mike KlineCommented:
It depends on how you logon as to where the events show up.   What is really not clear is Account Logon vs Audit Logon/Logoff.    I have had this link Favorited for years

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447934.aspx

See if that helps and let us know what follow up questions you have.

Thanks

Mike
0
 
jskfanAuthor Commented:
Will check it later ......Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.