Microsoft Windows: Audit Other Logon/Logoff Events

Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events. These other logon or logoff events include: - A Remote Desktop session connects or disconnects. - A workstation is locked or unlocked. - A screen saver is invoked or dismissed. - A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration. - A user is granted access to a wireless network. It can be either a user account or the computer account. - A user is granted access to a wired 802.1x network. It can be either a user account or the computer account. Logon events are essential to understanding user activity and detecting potential attacks. (C) Microsoft Corporation 2017.