Re: Default Domain Policy vs Default Domain Controller Policy



You need to make sure that auditing of "account logon" events is enabled
for both success and failure in Domain Controller Security Policy. It sounds
like it was set to undefined for at least failure if enabling it in Domain
Security Policy got it to work. You will find the Resultant Set of Policy
MMC snap-in on the domain controller in logging mode helpful to find out what
Group Policy settings are applied to the computer and it should show the GPO
that is applying a particular setting.

It would make no difference if you
were logging on from a domain workstation as all domain user accounts are
authenticated by a domain controller and a logon failure to the domain
should generate a failed "account logon" event in the security log of the
domain controller used for authentication.

Since you seem to be experiencing
problems and time lags I would verify that DNS is correct in that your only
domain controller points ONLY to itself as its preferred DNS server by its
static IP address as shown via ipconfig /all. Then check the system,
application, etc., logs for anything that may be related and run the support
tools netdiag, dcdiag, and gpotool on your domain controller to see if a
problem is found. The support tools are on the install disk in the
support/tools folder where you need to run the setup program there.

--- Steve


"Tyler Cobb" <rtcobb@xxxxxxxxxxxxx> wrote in message
news:C2X_e.4645$Qb6.4620@xxxxxxxxxxxxxxxxxxxxxxxxx
> I'm reading along in the 70-290 book and there's an exercise that tells me
> to enable the Audit Accounts Logon Events and the Audit Logon Events
> policies in the Default Domain Controller Policy area. After that, they
> wanted me to try to log in with the wrong password on an account and then
> to come back on as Administrator and check out the Security Log in Event
> Viewer. I did all this but I noticed that it does not record any invalid
> logon attempts. It did, however, show the successful ones. I have verified
> that the policies are configured to audit both successes and failures.
>
> Out of curiosity, I went into the Default Domain Policy and enabled the
> same audit policies in there. When I viewed the Security Logs, I could see
> invalid logon attempts. Could the book be wrong or is there something I'm
> not understanding in a real scenario? I just have one computer set up with
> Windows Server 2003 for lab exercises. I was trying to generate invalid
> logins from the console. It's not networked to anything at the moment.
> Would it have worked if it were not a PDC on a one-computer network? Would
> it have been different if I tried to logon from a workstation?
>
> That brings me to another question if anyone has the time. I noticed that
> there seems to be an excessive pause when making some choices in Active
> Directory. I'm assuming the computer is trying to talk to something on the
> network that isn't there and timing out. Any idea what would be causing
> this?
>
> Thanks!
>
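
Added example, not part of either post: a small model of how the audit value a domain controller ends up with is resolved when both a domain-linked and a Domain Controllers OU-linked GPO are in play, which is what RSoP reports per setting. The GptTmpl.inf contents are constructed samples, the function names are hypothetical, and the code assumes the templates were already decoded to text.

```python
import configparser

# Constructed GptTmpl.inf fragments (not taken from the thread). In the
# [Event Audit] section 0 = no auditing, 1 = success, 2 = failure, 3 = both.
# A key that is absent means the setting is "Not Defined" in that GPO.
DOMAIN_GPO = "[Event Audit]\nAuditAccountLogon = 3\nAuditLogonEvents = 3\n"
DC_GPO_UNDEFINED = "[Event Audit]\nAuditLogonEvents = 3\n"
DC_GPO_SUCCESS_ONLY = "[Event Audit]\nAuditAccountLogon = 1\nAuditLogonEvents = 3\n"

def parse_event_audit(inf_text):
    """Return {setting: int} for the [Event Audit] section of a template."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the key names' original case
    cp.read_string(inf_text)
    if not cp.has_section("Event Audit"):
        return {}
    return {key: int(value) for key, value in cp.items("Event Audit")}

def resultant(gpos):
    """Resolve settings for a list of (gpo_name, inf_text) pairs.

    The list is in application order: domain-linked GPO first, then the
    GPO linked to the Domain Controllers OU. A later GPO overrides an
    earlier one only for the settings it actually defines.
    """
    result = {}
    for name, text in gpos:
        for key, value in parse_event_audit(text).items():
            result[key] = (value, name)  # remember which GPO supplied it
    return result

def audits_failures(result, key="AuditAccountLogon"):
    """True if the resolved value has the failure bit (2) set."""
    value, _source = result.get(key, (0, None))
    return bool(value & 2)

if __name__ == "__main__":
    for dc_text in (DC_GPO_UNDEFINED, DC_GPO_SUCCESS_ONLY):
        r = resultant([("Default Domain Policy", DOMAIN_GPO),
                       ("Default Domain Controllers Policy", dc_text)])
        value, source = r["AuditAccountLogon"]
        print(f"AuditAccountLogon={value} from {source}; "
              f"failed logons audited: {audits_failures(r)}")
```

With the setting undefined in the OU-linked GPO the domain-level value of 3 reaches the domain controller, while a defined success-only value in the OU-linked GPO wins and failed logons go unrecorded.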

