Disable logon and logoff events (event id 4624, 4625, 4634 (and all the other ones...))

I have tried several times to make my domain controller not log logon and logoff events in the security log. But it seems to ignore the settings in the domain controller group policy. I now use Auditpol in stead - that works (thanks Morgan J):

To disable all logon and logoff messages in the security log use (in an elevated command prompt):

auditpol /set /category:"Logon/Logoff" /success:disable


auditpol /set /category:"Logon/Logoff" /failure:disable

It is also possible to just disable the logon messages by using the subcategory switch:

auditpol /set /subcategory:"Logon" /success:disable


auditpol /set /subcategory:"Logon" /failure:disable

To view the current settings, run:

auditpol /get /category:*


Populære indlæg fra denne blog

Microsoft Office 2016 and the AUTO_ACTIVATE property

Check_MK (or OMD) and access to network topology

Enable OpenELEC SSH login with keys, and without password, disable local SSH password