AccountLogonLogoff_AuditOtherLogonLogoffEvents
AccountLogonLogoff_AuditOtherLogonLogoffEvents
This policy setting allows you to audit other logon/logoff-related events that aren't covered in the "Logon/Logoff" policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking a screen saver. Dismissal of a screen saver. Detection of a Kerberos replay attack, in which a Kerberos request was received twice with identical information. This condition could be caused by network misconfiguration. Access to a wireless network granted to a user or computer account. Access to a wired 802.1x network granted to a user or computer account.
./Device/Vendor/MSFT/Policy/Config/Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents
Format: int Value: 3
Audit event on success and failure.
YES
Audit Other Logon/Logoff Events
Last updated