enabling advanced login events - what are the impacts?
hello,
thinking of enabling advanced login events on our terminal server (currently enabled on our domain controllers) in order troubleshoot user lockouts.
because disabled default, assume there impacts, maybe performance-wise?
wouldn't enable on our servers without knowing first if can cause issues doing so.
thinking of enabling advanced login events on our terminal server (currently enabled on our domain controllers) in order troubleshoot user lockouts.
because disabled default, assume there impacts, maybe performance-wise?
wouldn't enable on our servers without knowing first if can cause issues doing so.
hi,
sorry can’t understand “advanced login events”, if meaning audit logon events settings.
“this security setting determines whether audit each instance of user logging on or logging off computer.
account logon events generated on domain controllers domain account activity , on local computers local account activity. if both account logon , logon audit policy categories enabled, logons use domain account generate logon or logoff event on workstation or server, , generate account logon event on domain controller. additionally, interactive logons member server or workstation use domain account generate logon event on domain controller logon scripts , policies retrieved when user logs on.” please see: https://technet.microsoft.com/en-us/library/cc976395.aspx
if not, please share more information “advanced login events”.
in addition, regarding troubleshoot user lockouts, check pdc emulator event 4740. review events locate affected account, event details contain caller computer details account lockout occurred.
alternatively, use account lockout status tool. account lockout status tool combination command-line , graphical tool displays lockout information particular user account. collects information every contactable domain controller in target user account’s domain. can download account lockout status tool from: https://www.microsoft.com/en-au/download/details.aspx?id=15201
best regards,
wendy
sorry can’t understand “advanced login events”, if meaning audit logon events settings.
“this security setting determines whether audit each instance of user logging on or logging off computer.
account logon events generated on domain controllers domain account activity , on local computers local account activity. if both account logon , logon audit policy categories enabled, logons use domain account generate logon or logoff event on workstation or server, , generate account logon event on domain controller. additionally, interactive logons member server or workstation use domain account generate logon event on domain controller logon scripts , policies retrieved when user logs on.” please see: https://technet.microsoft.com/en-us/library/cc976395.aspx
if not, please share more information “advanced login events”.
in addition, regarding troubleshoot user lockouts, check pdc emulator event 4740. review events locate affected account, event details contain caller computer details account lockout occurred.
alternatively, use account lockout status tool. account lockout status tool combination command-line , graphical tool displays lockout information particular user account. collects information every contactable domain controller in target user account’s domain. can download account lockout status tool from: https://www.microsoft.com/en-au/download/details.aspx?id=15201
best regards,
wendy
please remember mark replies answers if , unmark them if provide no help.
if have feedback technet subscriber support, contact tnmff@microsoft.com.
Windows Server > Windows Server 2012 General
Comments
Post a Comment