Account Logon

Applies To: Windows 7, Windows Server 2008 R2

Configuring policy setting in this category can help you document domain attempts to authenticate account data, either to a domain controller or a local Security Accounts Manager (SAM). Unlike Logon/Logoff policy settings and events, which track attempts to access a particular computer, settings and events in this category focus on the account database being used. This category includes the following subcategories:

• Audit Credential Validation

• Audit Kerberos Authentication Service

• Audit Kerberos Service Ticket Operations

• Audit Other Account Logon Events

For more information about audit events that are generated by Account Logon audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkId=157780).