Auditing of Account Logon: Other Account Logon Events events on failure should be enabled or disabled as appropriate. Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. Examples can include the following: * Remote Desktop session disconnections * New Remote Desktop sessions * Locking and unlocking a workstation * Invoking a screen saver * Dismissing a screen saver * Detection of a Kerberos replay attack, in which a Kerberos request with identical information was received twice * Access to a wireless network granted to a user or computer account * Access to a wired 802.1x network granted to a user or computer account Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO