This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Audit logon events

Hello,

I would like to know if there is a way to use InTrust in order to have reporting for user logon. To my understanding the way to do it is to configure a gather of the security log either on the DCs or the servers and workstations or on all of them. Searching about this was confusing because i couldn't find a clear enough image on what i have to configure on the domain through gpo in order to audit the info username xxxxx logon to xxxxxx at xxxxxxx.

I understand that it is not so much of an InTrust question but more of an AD one but if someone have implemented this and can provide feedback it will be much appreciated.

Thank you.

Parents

0 Aidar.Karabalaev over 6 years ago

About 10 years ago the situation was the following. AD MSFT native DC Security Log with appropriate Audit Policy turned on probably will generate 128MB/0.5-1h for 10K user AD with 95%+ "noise" events and 2-3% useful ones. Therefore the issue is large volume of events and finding exactly what to report on: what can be asked + what you want = Best Practices. I recommend to contact PSO to target the goal in most efficient way.
Cancel
Up 0 Down

Cancel

Reply

0 Aidar.Karabalaev over 6 years ago

About 10 years ago the situation was the following. AD MSFT native DC Security Log with appropriate Audit Policy turned on probably will generate 128MB/0.5-1h for 10K user AD with 95%+ "noise" events and 2-3% useful ones. Therefore the issue is large volume of events and finding exactly what to report on: what can be asked + what you want = Best Practices. I recommend to contact PSO to target the goal in most efficient way.
Cancel
Up 0 Down

Cancel

Children

No Data