Logon/Logoff

Applies To: Windows 7, Windows Server 2008 R2

Logon/Logoff security policy settings and audit events allow you to track attempts to log on to a computer interactively or over a network. These events are particularly useful for tracking user activity and identifying potential attacks on network resources. This category includes the following subcategories:

• Audit Account Lockout

• Audit IPsec Extended Mode

• Audit IPsec Main Mode

• Audit IPsec Quick Mode

• Audit Logoff

• Audit Logon

• Audit Network Policy Server

• Audit Other Logon/Logoff Events

• Audit Special Logon

For more information about audit events that are generated by Logon/Logoff audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkId=157780).