Server 2003 Enterprise SP1 - the primary domain controller
I began by trying to turn on Object Auditing for my domain. I wanted to see who in my domain accessed what on the server.
So, on the server within AD User and Computers, I right-clicked my domain > properties > Group Policy tab and chose to edit the Default Domain Policy. Under Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy, I set Audit Object Access to Success, Failure. I soon noticed that no object audting was taking place for server objects, but on the workstations, object auditing was being logged.
On the server, from the command prompt, I ran gpedit, and navigated to the same path above, and it shows the setting to be No Auditing and the policy is dithered out. Can not make any changes.
Okay, so gpedit is showing me policy for that machine (the server), and the Domain policy I set in AD was just pushed to all workstations? Is that correct?
If so, how can i set it such that I can audit the shares on the domain for access to objects by workstations?