Windows 10 Auditing Logons Practical Activity for Security Settings

Added on  2020/04/21

Practical Assignment
AI Summary
This practical assignment requires students to use a Windows 10 virtual machine to enable and verify logon auditing. Students must have one or two users set up in the VM. The first step enables logon auditing through the Local Group Policy Editor, under 'Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy'. Students write down the names of the nine policies listed there and enable both success and failure audits for the 'Audit logon events' policy. The second part of the assignment uses the Event Viewer to check for successful and failed user logon attempts, showing how these events are recorded in the system's Security log. This practical task emphasizes understanding Windows 10's security mechanisms concerning user authentication and event logging.
Windows Client Cluster Class Activity
Auditing Logons in Windows 10
Name of Student: [Please Fill Your Name] Date: [Please fill Date]
Enter your name in the “Name of Student” area and enter today’s date in the “Date” area,
Answer the following questions,
Save this document with a new file name (preferably with a file name “Yourfirstname-
Yourlastname-Win10AuditingLogons.doc”), and
Upload the document in Word format to the Moodle website on or before the due date.
Question answer
Please make sure that you do this activity using the
virtual machine and not the physical computer.
You need to have one or two users in your Windows
10 computer to do this class activity.
This is a step to enable logon auditing » Right-click
the “Windows Start” button to select “Run” » Enter
gpedit.msc and hit the Enter key » Navigate to
“Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy” »
Write down the names of the nine policies in the
right box » Double-click “Audit logon events” to tick
both “Success” and “Failure” » Apply » OK » Close
the “Local Group Policy Editor” screen and log off
the Win10 virtual machine.
Name of the Nine policies
I. Audit account logon events
II. Audit account management
III. Audit directory service access
IV. Audit logon events
V. Audit object access
VI. Audit policy change
VII. Audit privilege use
VIII. Audit process tracking
IX. Audit system events
This is a step to use Event Viewer to check success
and/or failure logons » Log on to the Win10 virtual
machine using the wrong password and then using
the correct password » Log off the Win10 virtual
machine and log back on as the Administrator or
“student” » Right-click the “Windows Start” button
to select “Event Viewer” » Navigate to “Windows
logs\Security” » Locate the “Audit Failure” and
“Audit Success” logs of the username that you used
to log in in the last step (tip: you can check for
“Logon” from the “Task Category” column) » Explain
in your own words in the right box what is the usage
of checking successful and failed user logons.
Usage of checking successful and failed
user logons
“Audit account logon events” denotes
different users' log on/off instances on any
specific computer system by logging the
events with their result (whether success
or failure). These events are specially
connected to the domain logon events. The
data related to this is logged in the security
log.
Whenever a user logs on to any computer
system in a network in the domain utilizing a
specific user account, the domain controller
authenticates that specific attempt of logging
in to the domain account. In both cases
(a successful or failed attempt by the user), it
generates an account logon event.
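
The Event Viewer check in the second step can also be done from an elevated PowerShell prompt on the Win10 virtual machine. This is an added example, not part of the original worksheet; it assumes the account name `student` from the activity and relies on event IDs 4624 (successful logon) and 4625 (failed logon), which the worksheet does not name.

```powershell
# Added example: list Audit Success / Audit Failure logon events for one user.
# Run as Administrator. $UserName and $LastHours are assumptions; adjust them.
$UserName  = 'student'
$LastHours = 1

# Confirm the audit setting took effect. The legacy "Audit logon events" policy
# shows up under the Logon/Logoff category (category name is in English here;
# it is localised on non-English systems).
auditpol.exe /get /category:"Logon/Logoff"

# 4624 = an account was successfully logged on (Audit Success)
# 4625 = an account failed to log on (Audit Failure)
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddHours(-$LastHours)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named fields out of the event XML.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Result    = if ($_.Id -eq 4624) { 'Audit Success' } else { 'Audit Failure' }
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']   # 2 = interactive (console) logon
            Source    = $data['IpAddress']
            Status    = $data['Status']      # failure code, present on 4625 only
        }
    } |
    Where-Object { $_.User -eq $UserName }

# Chronological view: the wrong-password attempt should appear as a failure
# followed by the successful logon with the correct password.
$events | Sort-Object Time | Format-Table -AutoSize

# Totals per result for the chosen user.
$events | Group-Object Result | Format-Table Name, Count -AutoSize
```

A single successful logon produces several 4624 entries with different logon types, so filter on `LogonType` when only console logons matter.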