If this is the wrong forum, please let me know. It pertains to Security logs.
I'm trying to do an audit from the domain controllers to see who is logging into workstations by either smart cards or username/password. From what I've read with regard to Windows 2003, this could be accomplished using TGT pre-auth requests (672 for 2003 and 4769 for 2008).
I am finding that the domain controllers seem to only log the TGT pre-auth for locally logging into the DC, not for logging on to the workstations.
Any clue on how to see who is logging into the domain with smart cards from a Windows 2008 domain controller?