Solved

registry settings for audit policies

Posted on 1999-01-07
3
497 Views
Last Modified: 2013-12-23
Under the audit policies for the local user manager on each workstation, there are 7 events with success and failure options. I was trying to find the location of each of these events in the registry but was not able to. Do you have any ideas?
0
Comment
Question by:schurch122297
3 Comments
 
LVL 3

Expert Comment

by:cbo120897
ID: 1568522
You can use sysdiff.exe (ressource kit) to checkout, which changes where made in the registry.

1. PC without policie entrys
2. run sysdiff
3. make the policie entries
4. restart PC
5. run sysdiff again to find out the differences

bye

0
 
LVL 2

Accepted Solution

by:
dlanssens earned 70 total points
ID: 1568523
audit policies are stored in a special registry hive :

HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv

The values in this hive are modified by User Manager.

Normally, you don't have access to that registry hive, because it is being mapped to other parts of the registry, e.g. HKLM\Security\SAM is mapped to HKLM\SAM.
You can look at that hive however, but you will have to give yourself some extra rights.  As and Administrator, open REGEDT32.
Select the hive HKLM\Security, go to Security-Permissions in the menu, and add Administrators with Full control.

Do this at your own risk !!!!!!!  You will get no support from Microsoft if you mess up the registry.
0
 

Author Comment

by:schurch122297
ID: 1568524
thank you. i shall look into it.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question