Default Domain Policy and auditing logons

Guest

I have a single Windows 2003 Domain Controller. I have edited the default
domain policy and checked Success and Failure events for everything under
Audit Policy. I then try to log on and off from a workstation logging into the
domain and nothing is in the Security Event Viewer. Under the local policy on
the server for the Audit policy, everything is grayed out and listed as no
audit. Am I missing something? It seems to be pretty straightforward to
audit domain logons and logoffs. Any help would be greatly appreciated.
 
Roger Abell

"Under the local policy on the server for the Audit policy,
everything is grayed out and listed as no audit."

Shows that the local machine is seeing that there is a policy
set from GPO other than as not configured, but it is not what
is currently set, or at least not what you think is currently set.

However, for a domain account login, what is important is that
the audit policy settings are being applied to the DCs. What you
see on the member controls its logging of machine-local logins.

Two things to first check.
Is there a higher-priority domain-linked GPO that is changing
the settings from what you have stated in the one GPO that you
are expecting to see applied?
Is the machine getting a policy refresh; that is, have you waited
long enough? You may force application with gpupdate if that
member is W2k3 or secedit if W2k.
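
The two checks from the reply above, as an added example that is not part of the original thread: run on the domain controller from an administrator command prompt. The scratch file name `effective.inf` is an assumption chosen here.

```batch
@echo off
rem Added example: verify which audit policy the DC is actually applying.
rem Assumption: %TEMP%\effective.inf is a scratch file name chosen for this example.

rem 1. Force a computer-policy refresh instead of waiting for the next cycle
rem    (Windows Server 2003 / XP).
gpupdate /target:computer /force
rem    On Windows 2000 the equivalent is:
rem    secedit /refreshpolicy machine_policy /enforce

rem 2. List the GPOs applied to this computer. A GPO applied later than the
rem    one you edited can overwrite its audit settings; on a DC, GPOs linked
rem    to the Domain Controllers OU apply after domain-linked GPOs.
gpresult /scope computer /v

rem 3. Export the merged (domain + local) security policy and show only the
rem    audit settings from the [Event Audit] section.
secedit /export /mergedpolicy /areas SECURITYPOLICY /cfg "%TEMP%\effective.inf"

rem    The export is a Unicode file, so pipe it through "type" rather than
rem    pointing findstr at the file directly.
type "%TEMP%\effective.inf" | findstr /b /i "Audit"

rem    Values: 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure.
rem    Domain logons are recorded on the DC under AuditAccountLogon and
rem    AuditLogonEvents; both should read 3 if the GPO from the question applied.
```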
 
