Auditing of Account Logon: Credential Validation events on failure should be enabled or disabled as appropriate. Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request. These events occur on the computer that is authoritative for the credentials as follows: * For domain accounts, the domain controller is authoritative. * For local accounts, the local computer is authoritative. Event volume: High on domain controllers ecause domain accounts are used much more frequently than local accounts in enterprise environments, most of the Account Logon events in a domain environment occur on the domain controllers that are authoritative for the domain accounts. However, these events can occur on any computer, and they may occur in conjunction with or on separate computers from Logon and Logoff events. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO