Kbase P119354: With EVTLEVEL set to brief, user login is still recorded in eventviewer log, if Windows security au
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
03/11/2009 |
|
Status: Verified
SYMPTOM(s):
Windows security auditing is enabled
EVTLEVEL logging is set to brief.
Client logins are still being recorded in the eventviewer log.
FACT(s) (Environment):
Windows NT 32 Intel/Windows 2000
CAUSE:
Windows security auditing is set and overriding the environment setting for brief logging, thereby, recording who is logging in and logging out even when the login is successful.
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy
Determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when an account logon attempt succeeds. Failure audits generate an audit entry when an account logon attempt fails. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.
If success auditing for account logon events is enabled on a domain controller, an entry is logged for each user who is validated against that domain controller, even though the user is actually logging on to a workstation that is joined to the domain.
Default:
No auditing for domain controllers.
Undefined for a member computer.
FIX:
Uncheck the Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events.
To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.