Configure Windows Server to audit all failed and successful logon attempts. Edit Audit Policy Settings.
Intrusion prevention system for your Windows Server

Audit Policy Settings

Audit Policy Settings overview

System event logs are important part of RdpGuard detection engines, it is strongly recommended to enable audit for successful and failed logon events.

The following engines depend on audit of failed logon events:

The following features depend on audit of successful logon events:

Please check out instructions below to learn more on adjusting audit settings

Configure Audit Policy Settings via Local Security Policy

1. Open the Local Security Policy editor by typing secpol.msc in the Run dialog box (press the Windows key + R to open the Run dialog box).

Open the Local Security Policy editor

You can open the Local Security Policy editor by entering "secpol.msc" into the Run dialog box.

The Local Security Policy snap-in will open:

Local Security Policy snap-in

Local Security Policy snap-in

2. In the left pane of the Local Security Policy editor, navigate to Security Settings, Advanced Audit Policy Configuration, Audit Policies, Logon/Logoff.

3. In the right pane of the Local Security Policy editor, double-click Audit Logon

The Audit logon Properties dialog will open:

Audit logon events Properties

The Audit logon Properties dialog.

4. Check the Success and Failure boxes under Audit these attempts

5. Click OK to save the changes.

The Audit Policy should look like below:

Configured Audit Policy

Configured Audit Policy

Configure Audit Policy Settings via CLI using AuditPol

1. Start Command Prompt (cmd.exe) as Administrator

2. Type the following command and press Enter

auditpol /set /subcategory:Logon /success:enable /failure:enable

3. You should see the following message:

The command was successfully executed.

Auditpol command in Command Prompt Window

How to Enable Audit for Failed and Successful Logon events

RdpGuard 9.0.3 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
People like RdpGuard!
Our Other Products
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
Copyright © 2012-2023 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.