Check this article about the logon type codes:
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I think what I'm trying to get at specifically is if the DC's are going to
start holding the events for interactive logons in addition to the
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
This is something you would need to enable manually using either a GPO or
the Local Domain Controller Policy. I would suggest to use a separate GPO
under the Domain Controller OU. Keep in mind, this is a lot of additional
data the DCs will be enumerating and can turn into a performance issue.
Sorry, hit send too soon. I meant to post the following links:
Audit logon events: Security Configuration Editor; Security ServicesJan 21,
If both account logon and logon audit policy categories are enabled, logons
that use a domain account generate a logon or logoff event on ...
Audit logon events
If you are auditing successful Audit account logon events on a domain
controller, then workstation logons do not generate logon audits. ...
How to Enable Success Logon Event Logging Dec 1, 2008
To enable success logon event logging using a local security policy ... In
the results pane, double-click Audit logon events and ensure that ...
Auditing Security Events Best practices: Auditing Jan 21, 2005
For information about how to enable auditing in the logon event category,
see Define or modify auditing policy settings for an event ...
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.