Audit Policy: Account Logon: Other Account Logon Events
|ID: oval:org.secpod.oval:def:22892||Date: (C)2015-01-07 (M)2018-03-24|
|Class: COMPLIANCE||Family: windows|
This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local accounts, the local computer is authoritative. In domain environments, most of the Account Logon events occur in the Security log of the domain controllers that are authoritative for the domain accounts. However, these events can occur on other computers in the organization when local accounts are used to log on.
Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
This policy setting audits logon events other than credential validation and Kerberos Ticket Events.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon!Audit Policy: Account Logon: Other Account Logon Events
(2) REG: NO REGISTRY INFO
|Microsoft Windows Server 2012 R2|