Solved

registry settings for audit policies

Posted on 1999-01-07
3
490 Views
Last Modified: 2013-12-23
Under the audit policies for the local user manager on each workstation, there are 7 events with success and failure options. I was trying to find the location of each of these events in the registry but was not able to. Do you have any ideas?
0
Comment
Question by:schurch122297
3 Comments
 
LVL 3

Expert Comment

by:cbo120897
ID: 1568522
You can use sysdiff.exe (ressource kit) to checkout, which changes where made in the registry.

1. PC without policie entrys
2. run sysdiff
3. make the policie entries
4. restart PC
5. run sysdiff again to find out the differences

bye

0
 
LVL 2

Accepted Solution

by:
dlanssens earned 70 total points
ID: 1568523
audit policies are stored in a special registry hive :

HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv

The values in this hive are modified by User Manager.

Normally, you don't have access to that registry hive, because it is being mapped to other parts of the registry, e.g. HKLM\Security\SAM is mapped to HKLM\SAM.
You can look at that hive however, but you will have to give yourself some extra rights.  As and Administrator, open REGEDT32.
Select the hive HKLM\Security, go to Security-Permissions in the menu, and add Administrators with Full control.

Do this at your own risk !!!!!!!  You will get no support from Microsoft if you mess up the registry.
0
 

Author Comment

by:schurch122297
ID: 1568524
thank you. i shall look into it.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now