To audit Member Servers : Use the Group Policy snap-in to configure "success/failure" audit of "Audit Logon Events" in the Group Policy object.
Configuring Local Logon Auditing
Log on to Windows with an account that has Administrator rights.
Ensure that the Group Policy snap-in is installed.
Open the GPMC (Group Policy Management Console).
Edit the GPO that is applied on all selected Member Servers (How to select Member Servers) that require audit reporting.
Click on the "Group Policy Object" and click on "Edit"
This will direct you to "Group Policy Management Editor"
Navigate to "Audit Policy" node,
"Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy"
"Audit Logon Events" - Success / failure