• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 337
  • Last Modified:

Windows domain Security Audit

MS has explained these 2 policies, but not clear:

**Directory service access. Audit this to see when someone accesses an Active Directory® directory service object that has its own system access control list (SACL).

**Logon events. Audit this to see when someone has logged on or off your computer (either while physically at your computer or by trying to log on over a network).

for the second one, I am not sure if they mean if someone has logged on or off your workstation or Domain controller. if it is from your your workstation, will the log show up in the DC? assuming that your workstation is member of the domain.

Thanks
0
jskfan
Asked:
jskfan
2 Solutions
 
Mike KlineCommented:
It depends on how you logon as to where the events show up.   What is really not clear is Account Logon vs Audit Logon/Logoff.    I have had this link Favorited for years

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447934.aspx

See if that helps and let us know what follow up questions you have.

Thanks

Mike
0
 
jskfanAuthor Commented:
Will check it later ......Thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now