Re: GPO Policy Auditing Solution
From: Dave Leonardi (DaveLeonardi_at_yahoo.com)
Date: 03/16/04
- Next message: Rob Elder, MVP-Networking: "Re: Windows XP Home ...can it be used on Win 2003 server?"
- Previous message: JJ: "Re: Windows XP Home ...can it be used on Win 2003 server?"
- In reply to: Doug Sherman [MVP]: "Re: GPO Policy Auditing Solution"
- Next in thread: Doug Sherman: "Re: GPO Policy Auditing Solution"
- Reply: Doug Sherman: "Re: GPO Policy Auditing Solution"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 15 Mar 2004 21:08:56 -0500
Doug,
Thanks for the explanation, and I guess I'm stuck within my confines.
I had an idea; whether it's sound or not I'll leave to you. What about a
group policy that only applies to a specific group, users or computers? This
way it would only affect them. Something along those guidelines. What do you
think?
Dave Leonardi
"Doug Sherman [MVP]" <dsherman@nospam.tampabay.rr.com> wrote in message
news:uUSkxzrCEHA.1452@TK2MSFTNGP09.phx.gbl...
> As you have discovered account logon auditing is pretty much an all or
> nothing deal:
>
> 1. If there are multiple Domain Controllers and one of them is local to the
> lab's subnet such that only (or mostly) lab users are authenticated by that
> machine, then place the computer account for this DC in a sub-OU created
> within the Domain Controller's OU and enable account logon auditing in the
> group policy for the new sub-OU. This way the DC will get the policies for
> all DCs plus auditing only for the users it authenticates; OR
>
> 2. In the Group Policy local policy settings for the machines in your new
> CCSLAB OU, enable auditing for logon events. Logon events are different
> from account logon events. Logon events will create a security log for all
> persons who logon from these machines. However, the log will also show
> system account logons and accounts connecting to the machine from remote
> computers.
>
> Also, the security logs for logon events are not maintained on the DC - they
> appear in the Event logs for the individual machine. You can view remote
> machine logs through the Computer Management console, or you could use a
> script to have reports sent from remote machine; but this may not be
> practical if there are a lot of machines in this lab.
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>
> "Dave Leonardi" <cyberfrost100@yahoo.com> wrote in message
> news:eXCbD%23pCEHA.580@TK2MSFTNGP11.phx.gbl...
> > Good Morning,
> >
> > I was wondering if someone could assist me with a group policy
> > auditing scenario. I would like to apply successful/failure auditing only on
> > a group of computers in a computer lab, not the whole domain. What is
> > happening is certain individuals are logging on to the classroom computers
> > when they have no business being there. I would like to find out who is
> > attempting logon without authorization.
> > I created an OU called CCSLAB, which contains all the lab computers,
> > and has an attached group policy underneath it named CCSLAB computer policy
> > (no settings created for now). I also have noted that under my default
> > domain controller policy, all auditing features are set to no auditing by
> > default. I set the audit logon events to success/failure on the domain
> > controller default policy, but it's grabbing everyone. Needless to say that
> > went away quickly. I would appreciate it if someone could propose a solution
> > to monitor user logon just for the CCSLAB OU. Thanks for your time it is
> > greatly appreciated.
> >
> > Regards,
> >
> > David Leonardi
>
>
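Added example, not part of the original thread: one way to script the per-machine log collection mentioned in option 2 of the quoted reply, keeping only logons made at the keyboard and dropping the system-account and network logons the reply warns about. The computer names are hypothetical, and the event IDs assume Windows Vista / Server 2008 or later with PowerShell 3.0 or later.

```powershell
# Added example. Logon events on Vista / Server 2008 and later are
# 4624 (success) and 4625 (failure). On Windows 2000/XP/2003 the
# equivalent IDs are 528 (success) and 529-537 (failures).
$LabComputers  = 'CCSLAB-PC01', 'CCSLAB-PC02'    # hypothetical lab machine names
$Since         = (Get-Date).AddDays(-1)
# Logon types for someone at the keyboard: 2 = interactive, 7 = unlock,
# 11 = cached interactive. Type 3 (network) and 5 (service) are the noise.
$KeyboardTypes = '2', '7', '11'
$SystemDomains = 'NT AUTHORITY', 'Window Manager', 'Font Driver Host'

$report = foreach ($computer in $LabComputers) {
    try {
        $found = Get-WinEvent -ComputerName $computer -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4624, 4625; StartTime = $Since
        }
    }
    catch {
        # "No matching events" is a normal result; anything else is worth a warning.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($e in $found) {
        # Read EventData by field name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['LogonType'] -notin $KeyboardTypes)     { continue }
        if ($data['TargetDomainName'] -in $SystemDomains) { continue }
        if ($data['TargetUserName'] -like '*$')           { continue }  # computer accounts
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Computer = $computer
            Result   = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
            User     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Type     = $data['LogonType']
        }
    }
}
$report | Sort-Object Time | Format-Table -AutoSize
```

Reading the Security log remotely needs administrative rights on each lab machine and the Remote Event Log Management firewall rules enabled there.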