Windows domain Security Audit
Posted on 2014-01-19
MS has explained these 2 policies, but the explanations are not clear:
**Directory service access.** Audit this to see when someone accesses an Active Directory® directory service object that has its own system access control list (SACL).
**Logon events.** Audit this to see when someone has logged on or off your computer (either while physically at your computer or by trying to log on over a network).
For the second one, I am not sure if they mean someone has logged on or off your workstation or the domain controller. If it is from your workstation, will the log show up on the DC, assuming that your workstation is a member of the domain?