I have installed STAS on a 2016 Server Core, but all my users have an account logon type 1.
Sophos is 17.5.5 MR5 and STAS is 126.96.36.199.
I am having some problems with some users not being able to authenticate through SSO, only opening the web portal.
I think it may be related to the account logon setting in the local security policy, because there's no event 4768 in the event log, but how can I change the audit account logon setting on Server Core?
I know about the secedit command, but I am afraid to import the security settings of another server into my AD Server.
Is there another way?
Another option that may be possible is to use Group Policies to push the settings to the core server.
In reply to SJaramillo:
As far as I know, Logon Type one is only WMI.
Type 2 is Login Event.
Seems like your Client is not able to read the Event Log.
In reply to LuCar Toni:
That's correct, because I can't enable the audit account logon events, success and failure.
I think that's the problem, and I don't have the id 4278 in the event log either.
In reply to eecl:
I am not quite the Windows Core specialist, but I assume you can enable this specific setting via PowerShell.
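
As an added example (not posted by any participant in this thread), one way to enable the audit setting discussed above on Server Core without importing another server's secedit template is the built-in `auditpol` tool, run from an elevated PowerShell session on the domain controller. The script assumes an English-language OS, since `auditpol` subcategory names are localized; the helper name `Get-AuditSetting` is hypothetical.

```powershell
# Added example: run elevated on the Server Core domain controller.
# Assumption: English-language OS (auditpol subcategory names are localized).
$subcategory = 'Kerberos Authentication Service'   # subcategory that logs event 4768

function Get-AuditSetting {
    param([string]$Name)
    # /r emits CSV: Machine Name,Policy Target,Subcategory,Subcategory GUID,
    # Inclusion Setting,Exclusion Setting (blank lines are filtered out first).
    $csv = auditpol /get /subcategory:"$Name" /r | Where-Object { $_ -match '\S' }
    ($csv | ConvertFrom-Csv).'Inclusion Setting'
}

# 1. Show the effective setting before changing anything.
$before = Get-AuditSetting -Name $subcategory
Write-Host "Current setting for '$subcategory': $before"

# 2. Enable success and failure auditing only if it is not already on.
if ($before -ne 'Success and Failure') {
    auditpol /set /subcategory:"$subcategory" /success:enable /failure:enable
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }
    Write-Host "New setting: $(Get-AuditSetting -Name $subcategory)"
}

# 3. Review the whole Account Logon category for reference.
auditpol /get /category:"Account Logon"

# 4. After a test user logs on, confirm that 4768 events now reach the Security log.
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768 } `
                 -MaxEvents 5 -ErrorAction Stop |
        Select-Object TimeCreated, Id, MachineName |
        Format-Table -AutoSize
} catch {
    Write-Warning "No 4768 events found yet: $($_.Exception.Message)"
}
```

If a Group Policy object that applies to the server defines audit policy, it overwrites this local change at the next policy refresh, so in that case make the change in the GPO, as suggested earlier in the thread.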