I'm fairly sure that 1 applies to domain logons and 2 applies to any other connection that requires authentication. eg. accessing a shared folder.
-----Original Message----- From: Michael Ungar [mailto:[EMAIL PROTECTED] Sent: Sunday, 3 August 2003 3:42 PM To: [EMAIL PROTECTED] Subject: Windows 2000 Audit Question Windows 2000 has 2 Audit Policy Settings; 1 - Audit account logon events & 2 - Audit logon events I'm not totally clear on the difference. I know the first one is used as a central repository for auditing logons (e.g., domain account logons to multiple servers can get recorded to the central domain controller log file), but not sure as to second. Does the second setting record successes / failures of local authentication attempts ? Thanks...Mike Ungar --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
