1.
Run gpedit.msc → Create a new GPO → Edit it: Go to "Computer Configuration" → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies → Logon/Logoff:
- Audit Logon → Define → Success And Failures.
2.
Go to Event Log → Define:
- Maximum security log size to 4gb
- Retention method for security log to "Overwrite events as needed".
3.
Link the new GPO to OU with Computer Accounts: Go to "Group Policy Management" → right-click the defined OU → choose Link an Existing GPO → choose the GPO that you created.
4.
Force the group policy update: In "Group Policy Management" right click on the defined OU → click on "Group Policy Update".
5.
Open Event viewer and search Security log for event id’s 4648 (Audit Logon).
source: netwrix.com
0 comments:
Post a Comment