How to configure audit settings for auditing user logons?
In order to configure auditing policies for Netwrix Auditor – Generic Events (Event Log Manager) and Logon Reporter – please configure following group policy settings::
1. Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy, Audit logon events
If you define the audit logon events policy setting, you can specify whether to audit successes and/or audit failures. Success audits generate an audit entry when logon occurs successfully. Failure audits generate an audit entry when an attempted occurrence of the logon fails.
2. Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy, Audit account management
This setting is required to audit password resets, password changes, account lockouts and account unlocks.