Solved

registry settings for audit policies

Posted on 1999-01-07
3
508 Views
Last Modified: 2013-12-23
Under the audit policies for the local user manager on each workstation, there are 7 events with success and failure options. I was trying to find the location of each of these events in the registry but was not able to. Do you have any ideas?
0
Comment
Question by:schurch122297
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:cbo120897
ID: 1568522
You can use sysdiff.exe (ressource kit) to checkout, which changes where made in the registry.

1. PC without policie entrys
2. run sysdiff
3. make the policie entries
4. restart PC
5. run sysdiff again to find out the differences

bye

0
 
LVL 2

Accepted Solution

by:
dlanssens earned 70 total points
ID: 1568523
audit policies are stored in a special registry hive :

HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv

The values in this hive are modified by User Manager.

Normally, you don't have access to that registry hive, because it is being mapped to other parts of the registry, e.g. HKLM\Security\SAM is mapped to HKLM\SAM.
You can look at that hive however, but you will have to give yourself some extra rights.  As and Administrator, open REGEDT32.
Select the hive HKLM\Security, go to Security-Permissions in the menu, and add Administrators with Full control.

Do this at your own risk !!!!!!!  You will get no support from Microsoft if you mess up the registry.
0
 

Author Comment

by:schurch122297
ID: 1568524
thank you. i shall look into it.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cannot Change Local DNS 9 95
Want Win 10 Pro to search like Server 2010 or 2012 27 162
DNS/WINS in a domain 10 96
Blocking outside IP Addresses 16 130
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question