Are you utilizing some alternate technique of tracking when users
logon? Or do you feel that it's not beneficial enough to include?
Our auditing is
Account logon events failure
Account management success/failure
Logons failure
Object access none
Policy changes success/failure
Privilege use Success/failure
Process tracking none
System events success/failure
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
