Account Logon

Applies To: Windows 7, Windows Server 2008 R2

Configuring policy setting in this category can help you document domain attempts to authenticate account data, either to a domain controller or a local Security Accounts Manager (SAM). Unlike Logon/Logoff policy settings and events, which track attempts to access a particular computer, settings and events in this category focus on the account database being used. This category includes the following subcategories:

For more information about audit events that are generated by Account Logon audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkId=157780).