To enable logging of all logon/logoff attempts in the Security Event Log:
- secpol.msc (as administrator)
- Local Policy > Audit Policy
- Audit account logon events policy
- Check both the Success and Failure check boxes.
To enable logging of all logon/logoff attempts in the Security Event Log: