This security setting determines whether the OS audits each instance of a user attempting to log on to or to log off to this computer. Log off events are generated whenever a logged on user account's logon session is terminated. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures). Default values on Client editions: Logon: Success Logoff: Success Account Lockout: Success IPsec Main Mode: No Auditing IPsec Quick Mode: No Auditing IPsec Extended Mode: No Auditing Special Logon: Success Other Logon/Logoff Events: No Auditing Network Policy Server: Success, Failure Default values on Server editions: Logon: Success, Failure Logoff: Success Account Lockout: Success IPsec Main Mode: No Auditing IPsec Quick Mode: No Auditing IPsec Extended Mode: No Auditing Special Logon: Success Other Logon/Logoff Events: No Auditing Network Policy Server: Success, Failure
For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node.
Windows Settings/
Security Settings/
Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
After changing group policy options, you need to update group policy. If you do not update group policy then settings will not effect. To update it just simply type below command and also sample image is shown.
gpupdate /force
In about command we used "/force" option, this will help up to update policy options forcefully.
