  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 579

GP Auditing showing different from gpedit compared to AD

Server 2003 Enterprise SP1 - the primary domain controller

I began by trying to turn on Object Auditing for my domain.  I wanted to see who in my domain accessed what on the server.

So, on the server within AD Users and Computers, I right-clicked my domain > Properties > Group Policy tab and chose to edit the Default Domain Policy. Under Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy, I set Audit Object Access to Success, Failure. I soon noticed that no object auditing was taking place for server objects, but on the workstations, object auditing was being logged.

On the server, from the command prompt, I ran gpedit and navigated to the same path above, and it shows the setting to be No Auditing and the policy is dithered out. I cannot make any changes.

Okay, so gpedit is showing me policy for that machine (the server), and the Domain policy I set in AD was just pushed to all workstations?  Is that correct?

If so, how can I set it such that I can audit the shares on the domain for access to objects by workstations?
Asked by: top_rung
1 Solution
 
TheCleaner Commented:
If you want the policy to take effect for the DC, you need to change the Default Domain Controller Policy, otherwise just like you said it will be applied to the workstations and the member servers only.
 
top_rung (Author) Commented:
So there is my problem I think.  Running gpedit on the server, in theory, I should be able to edit the machine's policy right? The domain controllers that is.

If that is the case, as stated above, it states No Auditing, and the options to set success or failure are dithered out.   I don't quite get it.
 
TheCleaner Commented:
Are you talking about editing the DC's local security policy or through a GPO?

The easiest place to change it for your DCs is to log onto the DC, and then:

Administrative Tools > Domain Controller Security Policy

You should be able to change the Auditing options there.
 
top_rung (Author) Commented:
Bingo, thanks! I can edit them that way.

Therein is where my understanding has fallen apart. For what is gpedit.msc editing policies for in my scenario? It shows different settings than the Default Domain Policy in AD, and it doesn't seem to show the changes that I make through the Administrative Tools.

I guess I really don't know the difference between running gpedit.msc or secpol.msc!  :-|
 
TheCleaner Commented:
I would download the Group Policy Management Console from MS and install it on the DC. Then use that tool to create/edit GPOs. It's much better.
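An added example, not part of the thread: it models why the same audit setting resolves differently on a workstation and on a domain controller, by applying security templates in Group Policy processing order (local, then domain, then OU) and letting the last one that defines a setting win. The three templates are constructed samples in the `[Event Audit]` format used by security template files; that the Default Domain Controllers Policy defines Audit Object Access as No auditing is an assumption made to match the symptom described above.

```python
import configparser

# Meaning of the numeric values in the [Event Audit] section of a security template.
AUDIT_VALUES = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

# Constructed sample templates (assumptions, not copied from the thread).
LOCAL_POLICY = "[Event Audit]\nAuditObjectAccess = 0\n"
DEFAULT_DOMAIN_POLICY = "[Event Audit]\nAuditObjectAccess = 3\n"
DEFAULT_DC_POLICY = "[Event Audit]\nAuditObjectAccess = 0\nAuditLogonEvents = 1\n"


def parse_event_audit(inf_text):
    """Return {setting: value} from the [Event Audit] section, or {} if absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep setting names exactly as written
    parser.read_string(inf_text)
    if not parser.has_section("Event Audit"):
        return {}
    return {name: int(value) for name, value in parser.items("Event Audit")}


def effective_audit(templates_in_order):
    """Apply (source, inf_text) pairs lowest precedence first; later sources win.

    Returns {setting: (value, winning_source)} so the origin stays visible.
    """
    effective = {}
    for source, inf_text in templates_in_order:
        for setting, value in parse_event_audit(inf_text).items():
            effective[setting] = (value, source)
    return effective


def describe(effective, setting):
    value, source = effective[setting]
    return f"{AUDIT_VALUES[value]} (from {source})"


# A workstation receives the local policy, then the domain-linked GPO.
BASE = [("Local policy", LOCAL_POLICY), ("Default Domain Policy", DEFAULT_DOMAIN_POLICY)]
WORKSTATION = effective_audit(BASE)
# A DC sits in the Domain Controllers OU, so the OU-linked GPO is applied last.
DOMAIN_CONTROLLER = effective_audit(
    BASE + [("Default Domain Controllers Policy", DEFAULT_DC_POLICY)]
)

if __name__ == "__main__":
    print("Workstation      :", describe(WORKSTATION, "AuditObjectAccess"))
    print("Domain controller:", describe(DOMAIN_CONTROLLER, "AuditObjectAccess"))
```

On a real machine, `gpresult /v` lists the GPOs that were applied to the computer and is the way to confirm which one supplied a given setting.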
