Configure Windows Server to audit all failed and successful logon attempts. Edit Audit Policy Settings.
RdpGuard
Intrusion prevention system for your Windows Server
 
Follow:
Like:
Share:

Audit Policy Settings

System event logs are important part of RdpGuard detection engines, it is strongly recommended to enable audit for successful and failed logon events.

The following engines depend on audit of failed logon events:

The following features depend on audit of successful logon events:


To Enable Audit for Logon Events

1. Start Command Prompt (cmd.exe) as Administrator

2. Type the following command and press Enter

auditpol /set /subcategory:Logon /success:enable /failure:enable

3. You should see the following message:

The command was successfully executed.

Auditpol command in Command Prompt Window

How to Enable Audit for Failed and Successful Logon events


To Enable Audit for Logon Events (alternative way)

1. Click Start -> Administrative Tools -> Local Security Policy

Open Local Security Policy

Click Start -> Administrative Tools -> Local Security Policy

Local Security Policy snap-in will open:

Local Security Policy snap-in

Local Security Policy snap-in

2. Open Security Settings, Local Policies, Audit Policy

3. Double click on Audit logon events.

Audit logon events Properties dialog will open:

Audit logon events Properties

Audit logon events Properties Dialog

4. Set Audit these attempts to Failure and Success(optionally) and click OK.

5. Repeat steps 3-4 for Audit logon events.

Audit Policy should look like below:

Configured Audit Policy

Configured Audit Policy

RdpGuard 5.4.9 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
 
People like RdpGuard!
Our Other Products
FastGlacier
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
Copyright © 2012-2018 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.