Audit logon events The prescribed GPOs from Microsoft include settings that configure the audit categories present in previous versions of Windows. If you use the script and the GPOs included with this security guidance, these settings will not apply to computers running Windows Vista. The GPOs intended for use in enterprise environments have been designed to work with Windows XP based computers. Settings for audit categories are included in these GPOs so that computers running Windows XP in your environment receive the recommended audit policy settings for Windows XP?based computers. You can configure the Audit policy settings in Windows Vista at the following location in the Group Policy Object Editor: Computer Configuration\Windows Settings\Security Settings \Local Policies\Audit Policy

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy!Audit logon events (2) WMI: root\rsop\computer#RSOP_AuditPolicy#Success, Failure#Category='AuditLogonEvents' and precedence=1