How to Enable or Disable Debug Logging for Netlogon Service on Windows 10
To enable Netlogon logging:
- Start Registry Editor.
- If it exists, delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag.
How do I know if Netlogon logging is enabled?
In the ADAudit Plus web console, click on ‘Reports’ and navigate to the User Management’ section on the left pane. You can then select ‘Account Lockout Analyzer’ report. In the report that opens up, you can click on ‘Analyzer Details’ to see if the source of any account lockout was due to Netlogon.