Disable logon and logoff events (event id 4624, 4625, 4634 (and all the other ones...))

I have tried several times to make my domain controller not log logon and logoff events in the security log. But it seems to ignore the settings in the domain controller group policy. I now use Auditpol in stead - that works (thanks Morgan J):



To disable all logon and logoff messages in the security log use (in an elevated command prompt):

auditpol /set /category:"Logon/Logoff" /success:disable

&

auditpol /set /category:"Logon/Logoff" /failure:disable


It is also possible to just disable the logon messages by using the subcategory switch:

auditpol /set /subcategory:"Logon" /success:disable

&

auditpol /set /subcategory:"Logon" /failure:disable


To view the current settings, run:

auditpol /get /category:*

Kommentarer

Populære opslag fra denne blog

Microsoft Office 2016 and the AUTO_ACTIVATE property