View Full Version : logon events
Andreas Moroder
August 26th 06, 07:15 PM
Hello,
does anyone know the registry key to set to enable the "logon events"
instead of using the administrative tools ?
Thanks
Andreas
Steven L Umbach
August 26th 06, 07:58 PM
Not offhand but what you can try is a registry snapshot program such as the
free regshot. Take a snapshot on a computer just before you enable it and
then again after you enable. Then compare the snapshots. I am sure it would
be in HKLM. Curious that you would need to use the registry as you can use
Group Policy to configure audit policy on domain computer and import
security templates configured as you need into non domain computers using
the secedit command. If you use regshot to track down user settings just
remember to make the changes in HKEY_CURRENT_USER as regshot will show the
setting but for the HKEY_USERS with the user SID.
Steve
http://www.snapfiles.com/get/regshot.html --- Regshot
"Andreas Moroder" > wrote in message
...
> Hello,
>
> does anyone know the registry key to set to enable the "logon events"
> instead of using the administrative tools ?
>
> Thanks
> Andreas
Andreas Moroder
August 28th 06, 07:51 PM
Steven L Umbach schrieb:
>Not offhand but what you can try is a registry snapshot program such as the
>free regshot. Take a snapshot on a computer just before you enable it and
>then again after you enable. Then compare the snapshots. I am sure it would
>be in HKLM. Curious that you would need to use the registry as you can use
>Group Policy to configure audit policy on domain computer and import
>security templates configured as you need into non domain computers using
>the secedit command. If you use regshot to track down user settings just
>remember to make the changes in HKEY_CURRENT_USER as regshot will show the
>setting but for the HKEY_USERS with the user SID.
>
>Steve
>
>http://www.snapfiles.com/get/regshot.html --- Regshot
>
>
Hello Steven,
we don't have a AD, we use ( can I say that in this mailinglist ) samba
as PDC.
Bye
Andreas
Eric Fitzgerald [MSFT]
September 1st 06, 08:18 PM
Can't be done, intentionally. The registry keys that store the LSA database
are encrypted. You can use the APIs (LsaSetInformationPolicy), or you can
use the Resource Kit Utility Auditpol.exe (which is also the name of the
Vista audit policy command-line tool) if you want to script it.
Eric
--
This information is provided "AS-IS" with no warranty, and confers no
rights.
"Andreas Moroder" > wrote in message
...
> Hello,
>
> does anyone know the registry key to set to enable the "logon events"
> instead of using the administrative tools ?
>
> Thanks
> Andreas
vBulletin® v3.6.4, Copyright ©2000-2024, Jelsoft Enterprises Ltd.