Configuring Local Logon Auditing in the GPO of DCs


To allow ADAudit Plus to report on Local Logon and Logoff on Domain Controller machines the Group Policy object settings must be modified accordingly. Both Success, Failure Policy Setting for "Audit Logon Events" in the GPO associated with the Domain Controller must be enabled.


To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.   


Steps to enable Local Logon Auditing in the GPO of Domain Controller machines.[Image]

  1. Open "Active Directory Users and Computers".  

    1. (Click "Start" --> Click "Control Panel" --> double-click "Administrative Tools"  and then -->> double-click "Active Directory Users and Computers ")

  2. In the console tree, right-click the "Domain Controllers" organizational unit.


  4. Click "Properties", and then click the "Group Policy" tab.

  5. Click "Add" to add a new Group Policy object and click "Edit" to edit the "Group Policy Object Editor".

  6. In the "Group Policy Object Editor"

    1. Click on "Computer Configuration"-->>"Windows Settings" -->> "Security Settings"-->>"Local Policy" -->>"Audit Policy"

    2. Enable "success, failure" Policy setting for "Audit Logon Events"

  7. This Group Policy Object setting is applied to the Domain Controller.

Local Logon Auditing - enabled in a GPO of a Domain Controller





Copyright © 2023, ZOHO Corp. All Rights Reserved.
Get download link