Topic: Large number of log-on events in Windows event log - how to resolve? (v5)

Adapted by mouse from responses by serg derevyanko and mObscene:

The issue is caused by enabling the "Audit account logon events" option in the local security policy. There are two ways to prevent this:

1. You can disable the logging of account logons if this option isn't necessary for you

In XP:
Go to Control panel ~ Administrative tools ~ Local security policy ~ Local policies ~ Audit policy. Then reboot. Disable the option "Audit account logon events" by unticking both success and failure. Optionally leave failure ticked (good security practice). You may also need to disable "Audit Access to Global System Objects" in Security Options in the same way (don't do this unless you need to).

In Win7:
Go to Local Security Policy -> Advanced Audit Policy Configuration -> System Audit Policies - Local Groups - Logon/Logoff. Change Audit Logoff from "Not Configured" to "Configure the following audit events" and untick both, or optionally select only "Failure" (good security practice). Do the same for Audit Logon and Audit Special Logon.

2. You can limit maximum log size or set a log filter in Security log properties
Go to Control panel ~ Administrative tools ~ Event viewer ~ Security ~ Properties.


Please help us improve this item by posting suggestions to the 'Help materials - Feedback topic' here.

This item has been prepared by volunteer moderators. It has been produced on a best endeavours basis. Please note that moderators are not members of staff and therefore cannot speak on behalf of Comodo.


Updated: 31 January 2012, to reflect changes up to CIS version 5.9.xxx


« Last Edit: January 31, 2012, 01:25:50 PM by mouse1 »
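
The Win7 steps and the log-size option described above can also be scripted. The following is an added example, not part of the original post or of any Comodo material: it assumes an elevated PowerShell prompt on Windows 7 or later, English-locale subcategory names, and a constructed 20 MB size cap. It first counts the events so you can confirm which IDs are flooding the log before changing anything.

```powershell
# Added example. Run elevated. Subcategory names are the English-locale ones;
# the 20 MB cap in step 4 is an assumed value, not one given in the post.

# 1. Measure first: count the last 24 hours of logon-related Security events.
#    4624 = logon, 4634 = logoff, 4672 = special logon.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4624, 4634, 4672
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# 2. Option 1 (Win7 steps): stop auditing successes, keep auditing failures.
foreach ($sub in 'Logon', 'Logoff', 'Special Logon') {
    auditpol /set /subcategory:"$sub" /success:disable /failure:enable
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "auditpol failed for '$sub' (exit code $LASTEXITCODE)"
    }
}

# 3. Verify the effective setting. A domain Group Policy can overwrite
#    a local change at the next policy refresh, so re-check afterwards.
auditpol /get /category:"Logon/Logoff"

# 4. Option 2: cap the Security log size (value is in bytes), then show
#    the resulting log configuration.
$maxBytes = 20MB
wevtutil sl Security "/ms:$maxBytes"
wevtutil gl Security
```

Re-running step 1 a day later shows whether the volume actually dropped; failed logons are recorded under event ID 4625, which this change leaves audited.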

 
