Re: Enable Auditing Server 2008

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx>
Date: Tue, 20 Oct 2009 07:11:03 -0500

Meinolf is correct you need to audit on the domain controllers for the
domain, but if you set it at the root of the domain it will be set so that
it will do both the domain controllers and the local machines. Thereby
providing across all machines no matter which ou.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d7d7d8cc1f7845717a10@xxxxxxxxxxxxxxxxxxxxxxx

Hello aconti,

Auditing has to be enabled on the domain controllers OU, they will log the
authentication to the domain, no other machine will do it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello I want to enable auditing for a particular OU specifically I
want to Audit Logon events. I enabled the policy on the Local Security
Policy for success and failure events but now I think that it will log
all logs from all OUs in the domain. How do I continue after enabling
the Local Security Policy to specify to which OU I want to apply this
?

Thnak you

http://forums.techarena.in

Follow-Ups:
- Re: Enable Auditing Server 2008
  - From: aconti

References:
- Enable Auditing Server 2008
  - From: aconti
- Re: Enable Auditing Server 2008
  - From: Meinolf Weber [MVP-DS]

Prev by Date: Re: Windows Server 2008 Ent With AD Crashed= URGENT
Next by Date: Re: Please Clarify
Previous by thread: Re: Enable Auditing Server 2008
Next by thread: Re: Enable Auditing Server 2008
Index(es):
- Date
- Thread

Relevant Pages

Re: I need a Step-by-Step to set up file deletion Auditing on SBS...
... Default Domain Controllers Policy. ... Right-click Domain Controllers, click Properties. ... Click Computer Configuration, double-click Windows Settings, double-click ... Audit Policy. ...
(microsoft.public.windows.server.sbs)
Re: Auditing access to files and folders
... Audit policy on the DCs (default domain controllers policy) includes ... Maybe you're checking the wrong log viewer. ...
(microsoft.public.win2000.security)
Re: Default Domain password policy issue
... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
(microsoft.public.windows.group_policy)
Re: Blocking port scans on local network
... You can implement enumeration of SAM accounts and shares with probably no ... on domain controllers via Domain Controller Security Policy depending of ... domain computer that has a "require" ipsec policy assigned to it. ... between domain computers and domain controllers as the domain controllers ...
(microsoft.public.win2000.security)
RE: Account Lockout Policy
... he didn't say that the policy would be *linked* at ... the Domain Controllers OU, just that the domain password policy would apply ... the Domain Controllers OU will still use the password policy that is defined ... they still utilize the domain-level account settings, because, again, the ...
(Focus-Microsoft)