I need to audit account creation/deletion/modification and logon to AD(interactive and rdp- is it the same thing? is there a diff setting for both? does windows log wheter the logon was via term services or interactive?)
Where is the place to set this- i assume the domain controllers' ou? should i create a new pol and not screw with the default? should i audit account management or object access for my aforementioned needs or both? Should i worry about security log bloat? Thanks a lot. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
