Question: EventID="528" "Logon Events" for domain admin/user on the target machine

Want to audit the domain users admin account and other accounts who logged into the server. When a domain user or domain admin account logs on to the server, I want to log his activity even at the target server level, not at the domain controller level, as I don't have permissions to log on to the domain controller and run my C# code to update the DB even nightly. Trying to get domain admin/users logon activity with EventID=528.

When a domain credential is used to log on to the target machine and "Account Logon Events" is audited on the domain controller, then an entry will appear at the domain controller but not on that of the target machine, unless "Logon Events" is audited on the target machine. "Account Logon Events" will log an entry into the domain controller but not the target machine (unless "Logon Events" is also audited on the target machine) because a domain credential is used and domain accounts are created on the domain controller and not on the target machine.

Q: How do we make sure domain users get logged on target machines?

Thanks for the pointer,
Audi008

Answer: EventID="528" "Logon Events" for domain admin/user on the target machine


As I have been saying, if the user is logging into a session on the server - in other words, they are using Remote Desktop, VNC or sitting at the console - then the event is logged at the *Domain Controller* (NOT the server). It is the DC you need to look at in order to retrieve the login/logoff events.

The ONLY events you are going to find in a non-DC's Security Log are events for users accessing the server from sessions on another machine. In other words, this is users accessing printers, file shares and so on... but not those logging directly into the server.

You need auditing enabled in Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy) before ANY events are going to be logged anywhere.

-Matt
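
The following C# program is an added example, not code from the question or the answer. It reads event 528 records from the Security log of the machine it runs on, which is where the "Logon Events" audit category quoted in the question writes its entries, and labels each account as domain or local. The class name, the output format, and the filtering of computer accounts and NT AUTHORITY are assumptions; it needs administrative rights on the server to read the Security log.

```csharp
using System;
using System.Diagnostics;

// Added example: lists event 528 (successful logon) records from the LOCAL
// Security log of the machine it runs on. Run elevated on the target server.
class LocalLogonAudit   // hypothetical class name
{
    const long SuccessfulLogon = 528;   // event ID from the question

    static void Main()
    {
        string machine = Environment.MachineName;

        using (EventLog log = new EventLog("Security"))
        {
            foreach (EventLogEntry entry in log.Entries)
            {
                if (entry.InstanceId != SuccessfulLogon) continue;

                // Event 528 insertion strings: %1 User Name, %2 Domain,
                // %3 Logon ID, %4 Logon Type (0-based in the array).
                string[] f = entry.ReplacementStrings;
                if (f.Length < 4) continue;           // malformed record

                string user = f[0], domain = f[1], logonType = f[3];

                // Assumption: computer accounts and built-in service
                // identities are not of interest for this audit.
                if (user.EndsWith("$") ||
                    domain.Equals("NT AUTHORITY", StringComparison.OrdinalIgnoreCase))
                    continue;

                // An account whose domain is the machine name is local.
                bool isDomainAccount =
                    !domain.Equals(machine, StringComparison.OrdinalIgnoreCase);

                // Replace this line with the nightly database insert.
                Console.WriteLine("{0:u}\t{1}\\{2}\ttype={3}\t{4}",
                    entry.TimeGenerated.ToUniversalTime(), domain, user, logonType,
                    isDomainAccount ? "domain" : "local");
            }
        }
    }
}
```

No rows in the output means either no logons were recorded or the audit policy named in the answer is not enabled for the machine.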