Audit Logon Events
This security setting determines whether to audit each instance of a user logging on to or logging off from the computer.
For domain account activity, account logon events are generated on the domain controller; for local account activity, account logon events are generated on the local computer. If both the account logon and logon audit policy categories are enabled, a logon that uses a domain account generates a logon or logoff event on the workstation or server, and an account logon event on the domain controller. In addition, an interactive logon to a member server or workstation with a domain account generates a logon event on the domain controller, because logon scripts and policies are retrieved when the user logs on. For more information about account logon events, see "Audit Account Logon Events".
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits: an audit entry is generated when a logon attempt succeeds. Failure audits: an audit entry is generated when a logon attempt fails.
Method 1:
1) Run: secpol.msc
2) Open in sequence
3) Set this value to "No auditing": in the "Properties" dialog box for this policy setting, select the "Define these policy settings" check box, and clear the "Success" and "Failure" check boxes.
If Local Security Policy is not available on the computer, you can configure the setting as follows:
Method 2:
1. Log on to the computer as a member of the Administrators group.
2. Run regedit to open the Registry Editor.
3. Locate and click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
4. Right-click "SCENoApplyLegacyAuditPolicy" and click "Modify".
5. Type 0 in the "Value data" box and click "OK".
6. Restart the computer.
TIPS: Remember to back up the registry before you edit it. If you make a mistake, you can then restore the registry from the backup.
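
Method 2 and the backup tip can also be carried out from an elevated PowerShell session. The script below is an added example, not part of the original page; the backup file location and the final auditpol check are assumptions made for this example, and the category name passed to auditpol is the English one.

```powershell
# Added example: scripted form of Method 2 (steps 3-5) plus the registry backup from the TIPS line.
# Run in an elevated session, as in step 1.
#Requires -RunAsAdministrator

$lsaKey    = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$valueName = 'SCENoApplyLegacyAuditPolicy'

# Assumption: backup file name and location chosen for this example.
$backup = Join-Path $env:TEMP ("lsa-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# Back up the key before touching it, and stop if the export fails.
& reg.exe export 'HKLM\System\CurrentControlSet\Control\Lsa' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no change was made.' }
Write-Output "Backup written to $backup"

# Read the current value; it is $null if the value has never been set.
$current = (Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
$shown   = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output "Current $valueName value: $shown"

# Steps 4-5: set the value data to 0 (written as a DWORD, created if missing).
if ($current -ne 0) {
    New-ItemProperty -Path $lsaKey -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Output "$valueName set to 0. Restart the computer (step 6) for the change to apply."
} else {
    Write-Output "$valueName is already 0; nothing changed."
}

# Show the effective Logon/Logoff audit settings so the result can be checked after the restart.
& auditpol.exe /get /category:"Logon/Logoff"
```

To undo the change, import the exported .reg file with reg.exe import and restart the computer.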