Default DC policy is set to log Audit account logon events and audit logon events in policies,windows settings, security settings,local policies, audit policy.
Yet the Security windows log shows no logon events despite hundreds of logon events occurring each day.
I need to be able to list users who logged onto a terminal server as well as each time a user logs in at a workstation.
I am seeing lockout events but not logon success or failure.
I would also need to track logins on IIS sites like OWA and another app.
GPresult does show the policy is applied.
RSOP shows the above settings are applied from the correct policy.
I have been through several tutorials which state the above settings should do what I am looking for. Any help would be appreciated.