Re: W2K3 R2 is not logging/auditing failure events
- From: Florian Frommherz <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 02 May 2007 09:03:07 +0200
Howdie!
Adam Sandler wrote:
I'm running 2003 Server R2 here. I went to Default Domain Security
Settings, Local Policies, Audit Policy, Audit Logon Events ***AND***
Audit Account Logon Events, and selected audit success and failure.
I then did a gpupdate /force.
Now, from any host, when I supply a bad password or a username which
does not exist in AD, I don't get the failure event(s) in the security
log, only when a user successfully logs on to the system gets logged.
Try to configure the domain account audit settings at the Default Domain Controllers OU as the domain controllers are the ones that will have to audit those. If you did that, be sure to look at the eventlog of all domain controllers in your organization, as only the domain controller that proceeds the authentication request will write success/failure messages into the eventlog. They do not get replicated.
If nothing helps, try to have a look at rsop.msc and see whether there is another policy that has higher proceedence and could overwrite your settings.
cheers,
Florian
--
Nachwuchsadmin aus dem Süddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.
blog: http://www.frickelsoft.net/blog.
.
- Follow-Ups:
- Re: W2K3 R2 is not logging/auditing failure events
- From: Adam Sandler
- Re: W2K3 R2 is not logging/auditing failure events
- References:
- W2K3 R2 is not logging/auditing failure events
- From: Adam Sandler
- W2K3 R2 is not logging/auditing failure events
- Prev by Date: Re: XP machine removed from domain still gets domain policy
- Next by Date: Re: localgroup administrators
- Previous by thread: W2K3 R2 is not logging/auditing failure events
- Next by thread: Re: W2K3 R2 is not logging/auditing failure events
- Index(es):
Relevant Pages
|
