Audit Policy Settings
System event logs are important part of RdpGuard detection engines, it is strongly recommended to
enable audit for successful and failed logon events.
The following engines depend on audit of failed logon events:
The following features depend on audit of successful logon events:
To Enable Audit for Logon Events
1. Start Command Prompt (cmd.exe) as Administrator
2. Type the following command and press Enter
auditpol /set /subcategory:Logon /success:enable /failure:enable
3. You should see the following message:
The command was successfully executed.
How to Enable Audit for Failed and Successful Logon events
To Enable Audit for Logon Events (alternative way)
1. Click Start -> Administrative Tools -> Local Security Policy
Click Start -> Administrative Tools -> Local Security Policy
Local Security Policy snap-in will open:
Local Security Policy snap-in
2. Open Security Settings, Local Policies, Audit Policy
3. Double click on Audit logon events.
Audit logon events Properties dialog will open:
Audit logon events Properties Dialog
4. Set Audit these attempts to Failure and Success(optionally) and click OK.
5. Repeat steps 3-4 for Audit logon events.
Audit Policy should look like below:
Configured Audit Policy