Solved

registry settings for audit policies

Posted on 1999-01-07
3
516 Views
Last Modified: 2013-12-23
Under the audit policies for the local user manager on each workstation, there are 7 events with success and failure options. I was trying to find the location of each of these events in the registry but was not able to. Do you have any ideas?
0
Comment
Question by:schurch122297
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:cbo120897
ID: 1568522
You can use sysdiff.exe (ressource kit) to checkout, which changes where made in the registry.

1. PC without policie entrys
2. run sysdiff
3. make the policie entries
4. restart PC
5. run sysdiff again to find out the differences

bye

0
 
LVL 2

Accepted Solution

by:
dlanssens earned 70 total points
ID: 1568523
audit policies are stored in a special registry hive :

HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv

The values in this hive are modified by User Manager.

Normally, you don't have access to that registry hive, because it is being mapped to other parts of the registry, e.g. HKLM\Security\SAM is mapped to HKLM\SAM.
You can look at that hive however, but you will have to give yourself some extra rights.  As and Administrator, open REGEDT32.
Select the hive HKLM\Security, go to Security-Permissions in the menu, and add Administrators with Full control.

Do this at your own risk !!!!!!!  You will get no support from Microsoft if you mess up the registry.
0
 

Author Comment

by:schurch122297
ID: 1568524
thank you. i shall look into it.
0

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month7 days, 7 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question