32     Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing

                      Next, double-click the Audit Logon Events item, which will open the
                  Properties screen shown in Figure 1.8. Select both check boxes to enable
                  auditing of both successful and failed logon events. When auditing
                  logon events you are logging events requiring credentials on the local
                  machine. Note that the first auditing choice is “Audit account logon
                  events.” In this selection, auditing is tracked only for those asking for
                  authentication via accounts that are stored on this machine, such as
                  with a domain controller. The setting being used tracks all requests with
                  an exchange of authentication information on the local machine where
                  it is configured.

             Figure 1.8 Selecting the Appropriate Item for Auditing




































                      As shown in Figure 1.9, the security setting condition has changed to
                  reflect your choices. Your screen should also reflect that you are now
                  auditing “Success and Failure for Logon Events.”










          www.syngress.com