Solved

How to Enable Auditing in Novell Environment

Posted on 2010-11-09
9
1,013 Views
Last Modified: 2012-05-10
I would like to enable auditing on selected XP Pro computers. Every time I reboot, it seems like Novell writes over the changes.  How can I enable the Audit Policy and have it stay OR is there another way to turn this feature on?

I wanted to do this: start>run>secpol.msc>Local Settings>Audit Policy
http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToEnableAuditing.html

Then navigate to shutdown.exe>Rt Click>Properties>Security>Advanced>Auditing, and go from there....

Reboot takes forever as it resets the policies back to a "default".  I am a novice at Novell. We do not use Group Policies or Active Directory.
0
Comment
Question by:cssunetadmin
9 Comments
 
LVL 19

Expert Comment

by:deroode
ID: 34100043
If you also have Zenworks in your Novell environment it is very well possible that you do have Group policies configured.

What makes you think that Novell has something to do with the resetting of the policy?

Can you check that there isn't anything like DeepFreeze or SteadyState installed?
0
 
LVL 30

Expert Comment

by:pgm554
ID: 34101211
What version of Netware?
0
 
LVL 18

Expert Comment

by:ZENandEmailguy
ID: 34102421
As deroode mentions about ZENworks, can you confirm that the ZENworks management agent might be installed (look in Control Panel | Add/Remove programs)?  If so its possibly a Policy Package with a Windows Group Policy is running on workstation reboot?

Novell doesn't put stuff back at default unless there is some sort of policy setup by someone via ConsoleOne and ZENworks or via Active Directory Users/Computers and Group policy editor and pushed to the workstation.

Novell auditing is more about changes to files/folders on the server or changes to eDirectory objects than it is about watching changes to workstations.

As deroode also mentions do you have DeepFreeze or some other program that caches changes while the box is running and then restores the box back to the default following reboot???

Scott
0
 

Author Comment

by:cssunetadmin
ID: 34107696
Thank you for responding... please check back tomorrow when I can check the network for complete answers to your questions.

I know there is Zenworks running and there is NO deepfreeze or other similar program installed (running). Thank goodness!  We use Console One for computer management - but as I mentioned I am a novice and know enough to get my job done.

The reason why I think it is Novell reverting the back is that turning the auditing on works on machines that do not have Novell installed on them.  

So if group policies were set up (prior to me) where would I find them to change them?  It may be a "default" policy setting that we haven't figured out how to manipulate.  

Here is what I needed to do - which works in our non-Novell systems... turn auditing on (like mentioned in my question) to determine what machine name is sending a remote shutdown to another machine.  The audit log shows this information in non-Novell machines.  

I REALLY appreciate any help you can give me.  And I'll respond again tomorrow when I know the versions, etc. that you had asked for.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 19

Expert Comment

by:deroode
ID: 34109734
On your user and workstations objects there is a Zenworks tab. Under this tab is the section "Effective Policies". Select that one, for User objects select the right OS, and click the Effective Policies button. That should show one or more Windows Group Policy objects assigned to your users or workstations.

Group policies in a ZEN environment are implemented as Local policies on the workstation, due to restrictions that are in place on the Group policy mechanism.

Select a Group policy object, click Package Properties, and check out where your group policies are stored, you can also edit them (of course)

BTW Remote shutdown is only possible if a user has administrative rights to a remote computer. If you want to prevent remote shutdown (is this a student environment?) you should do something about that. No policies or auditing will prevent an administrator of messing with a computer, deleting audit logs, changing policies etc.
0
 

Author Comment

by:cssunetadmin
ID: 34110999
Deroode - thanks for the response - I'm much closer, but need to go a step further.

The version of Console One is 1.3.6h. The version for our clients is 4.91 SP5.

I went to a workstation object > Zenworks Tab > Effective Policies.  Nothing appeared in the window, so I went to the Effective Policies button.  There were about 14 items on the list, two of them were for Windows Group Policy, the policy package is the same (workstation policy), but the association points to zenpcs.xxx.xxx and the other to xxx.xxx.

I clicked on the Package Properties for both and they are the same. Four workstation policies are listed: Novell iPrint, Remote Control, Workstation Imaging, and Zenworks Desktop Management Agent.  The only one enabled with a check mark is Remote Control.

So where do I go from here?

Regarding your BTW comment: Unfortunately, in our school system (yes, student environment) all users are using the same local windows user with admin rights.  They authenticate to Novell with their own user ID.  So, yes, they do have rights to remote to another computer.  Because it is a student environment, we can "redirect" the behavior if we can identify which machine is initiating the shutdown - based on log in times.  The student body knows they aren't supposed to do this and to help them make the right decisions, the Run command and Command Prompt have been removed from menus.  A couple of students are testing their boundaries.
0
 
LVL 19

Expert Comment

by:deroode
ID: 34111192
In the Policy packages that are assigned to the workstations, can you also check under the "Policies" tab. Since the Effective policies on the workstation object indicate that Group Policies are active they should be in the policy package. Under Policies select the XP OS  or the NT-2000-XP OS. There you'll find your policies.

Also it might be possible (though unlikely) that policies are distributed with an application object. Look for any application objects that copy files to C:\windows\system32\Grouppolicy.
0
 

Author Comment

by:cssunetadmin
ID: 34112087
Ah ha - I am so close I can smell it (with your generous help of course!)

A Windows Group Policy is being run on system startup.

I found that the policy was created under an NT platform but is not able to be edited until migrated to the XP platform. That is why folks kept running into roadblocks when trying to edit it. Okay... I'm going to work on this a bit more, but may need your help again later today or tomorrow morning.  
0
 
LVL 19

Accepted Solution

by:
deroode earned 500 total points
ID: 34118524
You can of course also delete the NT policy and create a new one.  The policy package details will tell you where the policy files are stored. The policy files themselves are a group of directories (adm, user, machine) with a gpt.ini file. In the ADM directory there's .adm files, in the User and Machine directories there are Registry.pol files.

You can use notepad to get an idea of what is configured in the policy.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now