Solved

Audit policy in Windows Server 2k3

Posted on 2004-04-23
3
556 Views
Last Modified: 2010-04-19
Hello everybody,

i have a windows server 2k3 configured as a D.C. i was searching about how to configure audit policies, i want that "audit account logon events" and "audit logon events" to be enabled for success & failure, but when i run secpol.msc, i find in security settings/local policies/audit policy that those entries have "no auditing", and also when i click properties, i cannot change them.. they are grey marked , does anybody know wher to make them enabled so i can change them ?

thanx in advance
0
Comment
Question by:SUKHOI_Flanker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 20

Expert Comment

by:What90
ID: 10899209
You need to really use the Active directoy tools for setting the policy for the Domain or the Domain controller. Lookup under admin tools on the DC

These links might help explain what's to do:


http://www.computerperformance.co.uk/w2k3/gp/group_policy_security_audit.htm#Audit%20Logon%20events
http://www.computerperformance.co.uk/w2k3/Security_Audit.htm
0
 

Author Comment

by:SUKHOI_Flanker
ID: 10899426
i've done what u told me, and disonnected from the session , then connect again, and i 've seen the logon/logoff event in event log, it was ok, but when i ran secpol.msc again, audit policies, i've not seen the changes in the 2 policies i've changed.. is it normal?
and also is there another part of the system where i can see more details about logon events ?

thanx
0
 
LVL 20

Accepted Solution

by:
What90 earned 50 total points
ID: 10899718
I take you are doing this from the DC?

If you run secpol from the DC it's effecting the local domain controller only. You need to use the MMC for security in Admin Tools for it to effect other machines/domain.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question