Re: W2K3 R2 is not logging/auditing failure events
- From: Adam Sandler <corn29@xxxxxxxxxx>
- Date: 3 May 2007 09:40:09 -0700
On May 2, 1:03 am, Florian Frommherz
<flor...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Try to configure the domain account audit settings at the Default Domain
Controllers OU as the domain controllers are the ones that will have to
audit those. If you did that, be sure to look at the eventlog of all
domain controllers in your organization, as only the domain controller
that proceeds the authentication request will write success/failure
messages into the eventlog. They do not get replicated.
Thanks for the reply... I thought I had did that.
I have a follow-up. Someone told me to install the Group Policy
Management Console. I did so and when I ran it, gpmc.msc did indeed
show the changes I made to the audit policy... BUT there is a column
titled "enforced" in the window and it displayed "no". When I went to
the domain server node, in the tree on the left-hand side of the
console, right clicked, and selected enforce, the audit settings I
specified started working.
So while everything is working as expected now, this makes me wonder,
if someone doesn't download and install gpmc, how does one turn
"enforce" on? Without seeing that enforce column reading "no", I
would have had no idea why the GPO settings I specified weren't
working.
Thanks!
.
- References:
- W2K3 R2 is not logging/auditing failure events
- From: Adam Sandler
- Re: W2K3 R2 is not logging/auditing failure events
- From: Florian Frommherz
- W2K3 R2 is not logging/auditing failure events
- Prev by Date: password change problem
- Next by Date: Deny Change IP address with win xp
- Previous by thread: Re: W2K3 R2 is not logging/auditing failure events
- Next by thread: Re: How To Control restrictAnonymous in Mixed Environment 2000/2003
- Index(es):
Relevant Pages
|
