Re: Default Domain Controller Policy being overwritten

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: fnstrat2 (fnstrat2_at_discussions.microsoft.com)
Date: 08/30/04 

Date: Mon, 30 Aug 2004 08:59:06 -0700

No, this is what happens. I origiginally had the default domain policy to
audit certain events only, not all of them. Soon after upgrading to 2003 I
noticed that the default domain policy had been changed to audit all events.
If I change the default domain controller policy and check it again 10
minutes later it will have reverted back to it's state of auditing all
events. It's just one policy but I cannot make the modifications stick. No
matter what server I modify the policy from it always reverts back to audit
everything.

"Chriss3 [MVP]" wrote:

> I'm not sure I understand the problem. do you meant audit are logged several
> times from different GPOs?
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "fnstrat2" <fnstrat2@discussions.microsoft.com> skrev i meddelandet
> news:60AD08D4-89DC-47A9-9AEC-49A4D6AAFEBD@microsoft.com...
> > I do have the event log size defined. 80000 kb's. The problem is not
> that
> > the log file is not big enough, its more that everything is being written
> to
> > the log file and filling up in a few days. The actual Policy is being
> > rewritten to audit everything. It's almost like I change the policy on
> the
> > server, it takes affect and works for a few minutes until the domain
> > controller policy is reapplied and overwritten. Like the server doesn't
> > actually modify the group policy when I change it.
> >
> > "Chriss3 [MVP]" wrote:
> >
> > > Hello
> > > You may need to define the Maximum event log size for the security logs,
> > > Have a look at the page below.
> > >
> > >
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/resources/documentation/windowsServ/2003/all/techref/en-us/W2K3TR_sepol_event_set.asp
> > >
> > > --
> > > Regards
> > > Christoffer Andersson
> > > Microsoft MVP - Directory Services
> > >
> > > No email replies please - reply in the newsgroup
> > > ------------------------------------------------
> > > http://www.chrisse.se - Active Directory Tips
> > >
> > > "fnstrat2" <fnstrat2@discussions.microsoft.com> skrev i meddelandet
> > > news:7C512C3D-229A-4635-B189-1CFD485A8110@microsoft.com...
> > > > The default domain controller policy is being overwritten every five
> > > minutes
> > > > when the gp updates the computer. I noticed this because I started
> > > getting
> > > > messages every time I logged in saying the security log was full.
> When I
> > > > check the auditing options everything was set to audit success and
> > > failure.
> > > > I have tried resetting many times. When I check the policy again it
> is
> > > > changed back to success and failure for all items. This began
> happening
> > > > after our forest wide upgrade to windows 2003. This problem is
> happening
> > > on
> > > > the Schema Master. I have run netdiag and dcdiag with no errors.
> Also,
> > > no
> > > > errors relating to this in the event logs on either domain controller.
> GP
> > > > updates are applying successfully to the domain controllers.
> > >
> > >
> > >
>
>
>

Relevant Pages

  • RE: Companyweb and guests - advice?
    ... You can find the Default Domain policy under the following node: ... Open server management console, locate Advanced Management -> Group Policy ...
    (microsoft.public.windows.server.sbs)
  • Re: enabling Auditing on a shared folder for Windows SBS 2003
    ... I thought I had setup the auditing in the past but today ... Both object and policy need to be configured. ... You must perform a two-step process to enable the capability to audit ... Server 2003. ...
    (microsoft.public.windows.server.sbs)
  • Re: Object Access Audit Policy for a Domain
    ... Setting that policy and audit SACLin a GPO linked to the ... DCs OU will cause the DCs to cut audit events for accesses ... policy to work on a local server. ...
    (microsoft.public.win2000.security)
  • RE: Group Policy Question
    ... My gut feeling is that there's a server problem. ... "Windows cannot query for the list of Group Policy objects. ... enabled (or select "enforced" for the Default Domain Policy). ...
    (microsoft.public.windows.server.general)
  • RE: Auditing file deletion
    ... regarding this in the security event log. ... Default Domain Controllers Policy. ... Click Computer Configuration, double-click Windows Settings, ... double-click Audit Policy. ...
    (microsoft.public.windows.server.sbs)