Windows Active Directory Logging - Log Admin Account Access ?

LGroup1 used Ask the Experts™
On a Windows Server 2012 R2 Active Directory is there some way to log successful logons by Domain Admins and Local Admins by using the built-in Windows Server Event Viewer and Domain/Local Security Policies (i.e. without having to purchase third party logging utilities) ?  TIA ...
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Network Consultant / Engineer
Yes, configure the Audit Policies.

You'll want to audit account logon events on your DCs (this will log any domain account logon) and on the computers with local accounts you want to monitor (this will log the local accounts)

This can be configured through group policy:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy

If you want more granular control, you can use the Advanced Audit Policy Configuration:
Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies


Perfect, thanks !
Jeremy WeisingerSenior Network Consultant / Engineer

Glad to help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial