Auditing Events

G

Guest

I'm very sorry. I didn't mean to make an empty post. I keyed ENTER too
accidentally before I intended to type the message.

Anyway, I was trying the auditing events with my Windows 2000 Small Business
Server, but I failed to see any event on the log. This was what I did. For
instance, I want to try the logon events. So, I went to the Active Directory
Users and Computers from the Administrative Tools menu, and right-click the
domain name in the console tree. Chose Properties from the shortcut menu,
clicked on the Group Policy tab, and pressed th Edit button. In the left pane
of the Group Policy console, I clicked on Computer Configuration, Windows
Settings, Security Settings, and Local Policies to reach Audit Policy. I
right-clicked on "Audit logon events", and chose Security. Selected the
checkbox to define the settings and the option to audit successful and failed
attempts.

So after enabling the audit event, I went to a computer to login to the
server. Then I log out. I go back to the server, I check the Security Log,
there's nothing reflected on it. What should I do? Thank you.
 
F

Florian Frommherz

Howdy!
Anyway, I was trying the auditing events with my Windows 2000 Small Business
Server, but I failed to see any event on the log. This was what I did. For
instance, I want to try the logon events. So, I went to the Active Directory
Users and Computers from the Administrative Tools menu, and right-click the
domain name in the console tree. Chose Properties from the shortcut menu,
Click to expand...

You have to link your auditing policy to the Default Domain Controllers
OU if you want to audit all domain logon attempts. This is, because the
domain controllers accept the user's and computer's logon requests and
are therefore the central place to start auditing.
So after enabling the audit event, I went to a computer to login to the
server. Then I log out. I go back to the server, I check the Security Log,
there's nothing reflected on it.
Click to expand...

Please notice, that only the domain controller that proceeds the logon
attempt will write the success/failure into it's security log. If you
have more than one domain controller, you will check all of them to
verify your logging success.

cheers,

Florian
 
G

Guest

Thank you. What about checking who tried to copy some files in a specific
folder? What should I do?
 
G

Guest

By the way how do you link the auditing policy to the Default Domain
Controllers OU?
 
A

Andreware

wrytat said:
By the way how do you link the auditing policy to the Default Domain
Controllers OU?
Click to expand...
[SNIP]

You edit the Group Policy from the 'Domain Controllers' OU, not the
domain-wide policy. Do exactly what you did before, but instead of
context-clicking the domain in the list, click the 'Domain Controllers' OU.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Object Access Auditing causes security log to fill up 3
Problems with Security Policy 1
security log filling up 5
Enabling an audit policy on my DC's 2
Default Domain Policy and auditing logons 1
Audit Account Logon events - Domain Controller 0
Auditing.. We all love it... 2
Auditing Privilege Use - failure only but still get Success 2

Top