Logon-Logoff: Audit Other Logon/Logoff Events
|ID: oval:org.secpod.oval:def:14773||Date: (C)2013-08-13 (M)2017-10-17|
|Class: COMPLIANCE||Family: windows|
This policy setting allows you to audit other logon/logoff-related events that are not covered in the "Logon/Logoff" policy setting such as the following:
Terminal Services session disconnections.
New Terminal Services sessions.
Locking and unlocking a workstation.
Invoking a screen saver.
Dismissal of a screen saver.
Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration.
Access to a wireless network granted to a user or computer account.
Access to a wired 802.1x network granted to a user or computer account.
Default: No Auditing.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon-Logoff\Audit Other Logon/Logoff Events
(2) REG: INFO NOT AVAILABLE
|Microsoft Windows 7|