Security Basics mailing list archives

RE: Windows 2000 Audit Question

From: "McGill, Lachlan" <mcgilll1 () anz com>
Date: Tue, 5 Aug 2003 08:26:01 +1000

I'm fairly sure that 1 applies to domain logons and 2 applies to any other connection that requires authentication. eg. 
accessing a shared folder.

-----Original Message-----
From: Michael Ungar [mailto:m_ungar () yahoo com]
Sent: Sunday, 3 August 2003 3:42 PM
To: security-basics () securityfocus com
Subject: Windows 2000 Audit Question

Windows 2000 has 2 Audit Policy Settings;

1 - Audit account logon events &
2 - Audit logon events

I'm not totally clear on the difference. I know the
first one is used as a central repository for auditing
logons (e.g., domain account logons to multiple
servers can get recorded to the central domain
controller log file), but not sure as to second. Does
the second setting record successes / failures of
local authentication attempts ?

Thanks...Mike Ungar

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Windows 2000 Audit Question Michael Ungar (Aug 04)
- <Possible follow-ups>
- RE: Windows 2000 Audit Question McGill, Lachlan (Aug 04)
  - RE: Windows 2000 Audit Question Tiago Halm (Aug 05)