none
Domain Controller Event ID 4624

    Question

  • Hello. What LogonTypes for Event ID 4624 should be recorded in a Domain Controllers security log? For instance, logon type 10 (RemoteInteractice for Term Services, RDP, or Remote Assistance) is not being recorded in my DC security log when I RDP into domain members, its only being logged if I RDP into the actual DCs. OS version for our DCs is Server 2012 R2.
    • Edited by J_2017 Thursday, February 23, 2017 3:36 PM
    Thursday, February 23, 2017 3:35 PM

Answers

  • Hello. What LogonTypes for Event ID 4624 should be recorded in a Domain Controllers security log? For instance, logon type 10 (RemoteInteractice for Term Services, RDP, or Remote Assistance) is not being recorded in my DC security log when I RDP into domain members, its only being logged if I RDP into the actual DCs. OS version for our DCs is Server 2012 R2.

    As far as I am concerned, event 4624 will log on real computers on which you login to. I mean if you login to a member computer, you can not search DC event viewer for mentioned events, instead you should search on local PC. 4624 will be logged on DCs once you login to actual DCs.

    If you would like to have a central repository of who logged where, you need to start using other events. I guess you can use Kerberos events and filter them to show just Kerberos tickets for user accounts instead of computers.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Marked as answer by J_2017 Monday, February 27, 2017 9:30 PM
    Friday, February 24, 2017 4:21 AM
    Moderator