Difference between Windows "Audit account logon events" & "Audit logon events"

In windows user login capturing reports there are two options available for us to choose. Naming convention which has been used here is really confusing and does not make any sense to a non advanced user

1. Audit account logon event - Used in a domain controller
2. Audit logon events - Used in a personal computer

1. Audit account logon event

This setting track the user logging on to or logging off from another computer but this computer is used to validate the account. In general terms this will be of no use, if you have a standalone pc which is not connected to any network.

When a domain user account is authenticated using this computer, this computer will track those logging on and logging off. Event is logged in local security log.

Events	Description
672	An authentication service (AS) ticket was successfully issued and validated.
673	A ticket granting service (TGS) ticket was granted.
674	A security principal renewed an AS ticket or TGS ticket.
675	Preauthentication failed. This event is generated on a Key Distribution Center (KDC) when a user types in an incorrect password.
676	Authentication ticket request failed. This event is not generated in Windows XP or in the Windows Server 2003 family.
677	A TGS ticket was not granted. This event is not generated in Windows XP or in the Windows Server 2003 family.
678	An account was successfully mapped to a domain account.
681	Logon failure. A domain account logon was attempted. This event is not generated in Windows XP or in the Windows Server 2003 family.
682	A user has reconnected to a disconnected terminal server session.
683	A user disconnected a terminal server session without logging off.

2. Audit logon event

This would be the basic setting which would be required by individual standalone computers, to track multiple user logging on. This will track the when the users login to windows using this computer.

Logon events and description

Logon Events	Description
528	A user successfully logged on to a computer. For information about the type of logon, see the Logon Types table below.
529	Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
530	Logon failure. A logon attempt was made user account tried to log on outside of the allowed time.
531	Logon failure. A logon attempt was made using a disabled account.
532	Logon failure. A logon attempt was made using an expired account.
533	Logon failure. A logon attempt was made by a user who is not allowed to log on at this computer.
534	Logon failure. The user attempted to log on with a type that is not allowed.
535	Logon failure. The password for the specified account has expired.
536	Logon failure. The Net Logon service is not active.
537	Logon failure. The logon attempt failed for other reasons. Note In some cases, the reason for the logon failure may not be known.
538	The logoff process was completed for a user.
539	Logon failure. The account was locked out at the time the logon attempt was made.
540	A user successfully logged on to a network.
541	Main mode Internet Key Exchange (IKE) authentication was completed between the local computer and the listed peer identity (establishing a security association), or quick mode has established a data channel.
542	A data channel was terminated.
543	Main mode was terminated. Note This might occur as a result of the time limit on the security association expiring (the default is eight hours), policy changes, or peer termination.
544	Main mode authentication failed because the peer did not provide a valid certificate or the signature was not validated.
545	Main mode authentication failed because of a Kerberos failure or a password that is not valid.
546	IKE security association establishment failed because the peer sent a proposal that is not valid. A packet was received that contained data that is not valid.
547	A failure occurred during an IKE handshake.
548	Logon failure. The security ID (SID) from a trusted domain does not match the account domain SID of the client.
549	Logon failure. All SIDs corresponding to untrusted namespaces were filtered out during an authentication across forests.
550	Notification message that could indicate a possible denial-of-service attack.
551	A user initiated the logoff process.
552	A user successfully logged on to a computer using explicit credentials while already logged on as a different user.
682	A user has reconnected to a disconnected terminal server session.
683	A user disconnected a terminal server session without logging off. Note This event is generated when a user is connected to a terminal server session over the network. It appears on the terminal server.

Logon event 528 has more descriptions in it

type	Logon title	Description
2	Interactive	A user logged on to this computer.
3	Network	A user or computer logged on to this computer from the network.
4	Batch	Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.
5	Service	A service was started by the Service Control Manager.
7	Unlock	This workstation was unlocked.
8	NetworkCleartext	A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext).
9	NewCredentials	A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.
10	RemoteInteractive	A user logged on to this computer remotely using Terminal Services or Remote Desktop.
11	CachedInteractive	A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.