Enabling an audit policy on my DC's

  • Thread starter Harrison Midkiff
  • Start date
H

Harrison Midkiff

Hello:

I am trying to enable auditing on my DC's. My setup is standard. All my
servers are in the "Domain Controllers" OU. I edited the "Default Domain
Controllers Policy" under "Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy". I enabled "Audit Account Management"
and a few others. When I looked in the Security log for the events which
should be generated by this setting they do not appear. I did a "gpresult
/v" and on the DC's are applying the "Default Domain Controllers Policy".

I followed TechNet doc 314977 "How to enable Active Directory access
auditing in Windows 2000" as a guide.

I am a bit confused why I am not getting the auditing? Does anyone have any
suggestions? Is there something I missed?
Harrison Midkiff
 
V

Vincent Xu [MSFT]

Hi Harrison,

The bottom of the article outlined: The policy change will not take place
immediately. Active Directory domain controllers automatically check for
policy changes to domain controller policy every five minutes. Replication
intervals also must be considered for the policy to propagate throughout
all domain controllers in the organization.

If the group policy still not applied.
1. run gpupdate/force to see the results
2. go back to check if you have edited the policy correctly.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
 
F

Florian Frommherz

Howdy Harrison!

Harrison said:
I am trying to enable auditing on my DC's. My setup is standard. All my
servers are in the "Domain Controllers" OU. I edited the "Default Domain
Controllers Policy" under "Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy". I enabled "Audit Account Management"
and a few others. When I looked in the Security log for the events which
should be generated by this setting they do not appear. I did a "gpresult
/v" and on the DC's are applying the "Default Domain Controllers Policy".
Click to expand...

So you checked *every* DC's security log for the corresponding entries?
The event will only be logged at the Domain Controller where the event
occured. So a user logs on authenticating on DC1, only DC1 will write
the successful login to it's security log.

cheers,

Florian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Audit File Access 1
Auditing GPO Win2000 1
Group Policy Inheritance 1
Audit Account Logon events - Domain Controller 0
DC not processing the domain controller GPO 3
Inheritance 1
security log filling up 5
How to apply audit policy 1

Top