Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to audit adminstrator logon only? 1
- Thread starter lksixt
- Start date
-
1
- #2
brontosaurus
MIS
Put the admin accounts in a separate OU and run the policy from there...
- Thread starter
- #3
- Thread starter
- #4
OK... got busy, but finally
I created an OU called administrative accounts, moved my two administrator users into that OU. Right clicked on OU, properties, group police, new, edit...
Computer, WIndows, Security, Local, audit... selected audit account logon events.
Clicked on Security, gave authenticated users and administrators full control.
Checked no override.
Logged out, logged back in as administrator, no events. I know auditing works, I set it up as a domain security policy, but it logged everybody.. don't want that, only administrator.
I've read everypost I can find on this subject and I can't find anything different than what I've done above...
Help.. what am I missing?
I created an OU called administrative accounts, moved my two administrator users into that OU. Right clicked on OU, properties, group police, new, edit...
Computer, WIndows, Security, Local, audit... selected audit account logon events.
Clicked on Security, gave authenticated users and administrators full control.
Checked no override.
Logged out, logged back in as administrator, no events. I know auditing works, I set it up as a domain security policy, but it logged everybody.. don't want that, only administrator.
I've read everypost I can find on this subject and I can't find anything different than what I've done above...
Help.. what am I missing?
- Status
Similar threads