Logon-Logoff: Audit Other Logon/Logoff EventsID: oval:org.secpod.oval:def:14773 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit other logon/logoff-related events that are not covered in the "Logon/Logoff" policy setting such as the following:
Terminal Services session disconnections.
New Terminal Services sessions.
Locking and unlocking a workstation.
Invoking a screen saver.
Dismissal of a screen saver.
Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration.
Access to a wireless network granted to a user or computer account.
Access to a wired 802.1x network granted to a user or computer account.
Volume: Low.
Default: No Auditing.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon-Logoff\Audit Other Logon/Logoff Events
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |