changing audit-options

[news.planet.nl]

Hi NG. I cannot seem to be able to modify my audit options under local
security policy. I understand that in a domain the domain rules apply but
when I'm not in the domain I still cannot change anything. All I want is to
log succesfull logons as well as the failures. Am I missing something here?
I am a member of the administrator-group but even logging on as the
Administrator doesn't help.

Tx
Chris

 

[Jack Seredyniecki]

You have to be a local Admin in order to be able to configure the local
security policy:

Control Panel/Administrative Tools/Local Security Policy ...under Local
Policies select Audit Policy and double click on Audit account logon events.

 

[news.planet.nl]

I am. I even try by logging on as the local administrator but - alas - the
options remain 'greyed out'

 

[Roger Abell]

Pro version, right? Was the machine ever in a domain?
Have you tried doing this in a safe mode boot ?

 

[news.planet.nl]

eh yes, yes and no. I shall give that a try.
Is this a pro issue?

 

[news.planet.nl]

Booted to safemode but the options are still greyed out.
Does it mean once in a domain that de last known domain policies are
enforced?

tx,
Chris

 

[Roger Abell]

No, the domain policies should be reversed, or more
correctly no longer applied, once the machine is not
within the domain. There are some preferences that
get applied by domain policy, and preferences do not
get reversed, but this is not one of them.

Well, that is how it should be. What you are seeing
sounds like it is not so, and is just how things would
appear if the domain policies were still being applied.
Has the machine been booted a few times since it was
removed from the domain ?
You could try placing a deny of full control for Administrators
group on system32\GroupPolicy folder, logging off, logging in
as an admin, removing the deny, and then trying to edit policy
to see if it is any different - but I doubt this would have effect
in this situation.

 

[news.planet.nl]

Alas Roger, no such luck.

thanks for helping out!
Chris

 

[Roger Abell]

Alas Roger, no such luck.

thanks for helping out!
Chris

Your situation is most bizarre.
Have you scanned thouroughly for viri and other pests ?
If so, I would try rejoining and then again disjoining from
the domain (and actually, try examining what policies might
be applied while in the domain).
I have not encountered your situation before.

 

[news.planet.nl]

I was contemplating the same action. I have an up2date virus scanner,
ad-aware and a couple of others programs (being somewhat paranoid about my
system). I shall let you know how it turns out. Thanks for your support so
far!

chris