Audit Logon

Information

Audit logon events

This security setting determines whether the OS audits each instance of a user attempting to log on to or to log off to this computer.

Log off events are generated whenever a logged on user account's logon session is terminated. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).

Default: Success.

Solution

Policy Path: Computer Configuration\Windows Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff
Policy Setting Name: Audit Logon

See Also

https://blogs.technet.microsoft.com/secguide/2015/11/13/security-baseline-for-windows-10-build-10240-final/

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CSCv6|16.1

Plugin: Windows

Control ID: 8b7d8e4bf9bba3619665981647334d53b61656876dff4ac6e3a2171d1dddaadb