Both are Logon Audit Polices in Group Policy. In Active Directory based domain system, Logon , Logoff and Logon Failures events are controlled by these two security policy settings.
Audit Logon events (Client Events)
- The Audit logon events policy records all attempts to log on to the local computer, whether by using a domain account or a local account.
- On Domain Controller, this policy records attempts to access the DC only.
- It records both Logon and Logoff events whereas Account Logon logs only Logon events.
- By using these events we can track user’s logon duration by mapping logon and logoff events with user’s Logon ID which is unique between user’s logon and logoff . (Refer this article: Tracking User Logon Activity using Logon and Logoff Events)
- Refer this article: Steps to enable Audit Logon events (client events) to configure the Logon and Logoff events.
Audit account logon events (DC Events)
- Account logon events are generated when a domain user account is authenticated on a domain controller.
- These events will be logged in Domain Controller’s security log.
- If you enable this policy on a workstation or member server, it will record any attempts to log on by using a local account stored in that computer’s SAM
- This is a authentication event, so it logs only Logon events, it means, logs the event whenever a user authenticated by Domain Controller.
- Refer this article: Steps to enable Account Logon events (DC events) to configure Account Logon events.
Advertisement