Where this Audit Polciy comming from?

G

GX

Ok, tricky question...

I have 5 DC's (1 local / 4 remote)
40 member servers
300 clients

I'm getting ready to use a 3rd party application (CA eTrust Audit) to define
Audit Policies on my domain.

I went into my loca DC (Win2KSVR SP4) and did the following:
Domain Controllers Security Policies - Not define to all Audit Events
Domain Security Policy - Not define to all Audit Events
Local Security Policy - Not define to all Audit Events

went into cmd prompt and ran:
c:\>Secedit /refreshpolicy machine_policy /enforce

checked the Local Policies and it reads like this:
Local Setting | Effective Setting
No Auditing | Success, Failure for mostly everything

I have checked everything and everywhere I can think about and there is
nothing forcing these policies to the domain...is there's anything I can
do...
any command? any tool? any tip? that can help me out to figure this out????

Desperate...

GX
 
B

Bob

If you have access to the Windows 2000 Resource Kit, you
can run the gpresult tool on the machine in question.
This will tell you where policies are coming from.

Bob
 
G

GX

I did the gpedit on another server and this came out:
===============================================================
The computer received "Security" settings from these GPOs:

Local Group Policy
Default Domain Policy
Servers

I checked those and they are empty.....any other ideas?

Thanks,
GX
 
P

Paul Adare - MVP - Microsoft Virtual PC

in the said:
I went into my loca DC (Win2KSVR SP4) and did the following:
Domain Controllers Security Policies - Not define to all Audit Events
Domain Security Policy - Not define to all Audit Events
Local Security Policy - Not define to all Audit Events
Click to expand...

Your problem is setting it to Not Defined. This means, "I'm not going to
change any setting. If this setting is currently on, I'll leave it on,
if it is currently off, I'll leave it off." Change the settings to
Defined, but don't select Success or Failure. Once those changes have
been applied, you can then set them back to Not Defined.
 
G

GX

This worked, however, I wanted to let all the policies set to "Not Defined"
and I guess that if I follow the same logical pattern you did it won't set
it to "Not Define" once I have setup the policy to "No Auditing"

I tried the same way you said but it just doesn;t change....
Any other suggestiong to take it back to "Not Defined"?

Thanks,
GX
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Audit Account Logon Events 3
Authentication Auditing 5
Object Access Audit Policy for a Domain 4
Auditing ? 1
Domain Controller Security Policy vs. Domain Security Policy? 1
Win2K Auditing / Security Event Log Problems 2
Auditing file changes does not works 1
Audit file for failure 4

Top