How to Enable Auditing in Novell Environment

Posted on 2010-11-09
Last Modified: 2012-05-10
I would like to enable auditing on selected XP Pro computers. Every time I reboot, it seems like Novell writes over the changes.  How can I enable the Audit Policy and have it stay OR is there another way to turn this feature on?

I wanted to do this: start>run>secpol.msc>Local Settings>Audit Policy

Then navigate to shutdown.exe>Rt Click>Properties>Security>Advanced>Auditing, and go from there....

Reboot takes forever as it resets the policies back to a "default".  I am a novice at Novell. We do not use Group Policies or Active Directory.
Question by:cssunetadmin
LVL 19

Expert Comment

ID: 34100043
If you also have Zenworks in your Novell environment it is very well possible that you do have Group policies configured.

What makes you think that Novell has something to do with the resetting of the policy?

Can you check that there isn't anything like DeepFreeze or SteadyState installed?
LVL 30

Expert Comment

ID: 34101211
What version of Netware?
LVL 18

Expert Comment

ID: 34102421
As deroode mentions about ZENworks, can you confirm that the ZENworks management agent might be installed (look in Control Panel | Add/Remove programs)?  If so its possibly a Policy Package with a Windows Group Policy is running on workstation reboot?

Novell doesn't put stuff back at default unless there is some sort of policy setup by someone via ConsoleOne and ZENworks or via Active Directory Users/Computers and Group policy editor and pushed to the workstation.

Novell auditing is more about changes to files/folders on the server or changes to eDirectory objects than it is about watching changes to workstations.

As deroode also mentions do you have DeepFreeze or some other program that caches changes while the box is running and then restores the box back to the default following reboot???


Author Comment

ID: 34107696
Thank you for responding... please check back tomorrow when I can check the network for complete answers to your questions.

I know there is Zenworks running and there is NO deepfreeze or other similar program installed (running). Thank goodness!  We use Console One for computer management - but as I mentioned I am a novice and know enough to get my job done.

The reason why I think it is Novell reverting the back is that turning the auditing on works on machines that do not have Novell installed on them.  

So if group policies were set up (prior to me) where would I find them to change them?  It may be a "default" policy setting that we haven't figured out how to manipulate.  

Here is what I needed to do - which works in our non-Novell systems... turn auditing on (like mentioned in my question) to determine what machine name is sending a remote shutdown to another machine.  The audit log shows this information in non-Novell machines.  

I REALLY appreciate any help you can give me.  And I'll respond again tomorrow when I know the versions, etc. that you had asked for.
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

LVL 19

Expert Comment

ID: 34109734
On your user and workstations objects there is a Zenworks tab. Under this tab is the section "Effective Policies". Select that one, for User objects select the right OS, and click the Effective Policies button. That should show one or more Windows Group Policy objects assigned to your users or workstations.

Group policies in a ZEN environment are implemented as Local policies on the workstation, due to restrictions that are in place on the Group policy mechanism.

Select a Group policy object, click Package Properties, and check out where your group policies are stored, you can also edit them (of course)

BTW Remote shutdown is only possible if a user has administrative rights to a remote computer. If you want to prevent remote shutdown (is this a student environment?) you should do something about that. No policies or auditing will prevent an administrator of messing with a computer, deleting audit logs, changing policies etc.

Author Comment

ID: 34110999
Deroode - thanks for the response - I'm much closer, but need to go a step further.

The version of Console One is 1.3.6h. The version for our clients is 4.91 SP5.

I went to a workstation object > Zenworks Tab > Effective Policies.  Nothing appeared in the window, so I went to the Effective Policies button.  There were about 14 items on the list, two of them were for Windows Group Policy, the policy package is the same (workstation policy), but the association points to and the other to

I clicked on the Package Properties for both and they are the same. Four workstation policies are listed: Novell iPrint, Remote Control, Workstation Imaging, and Zenworks Desktop Management Agent.  The only one enabled with a check mark is Remote Control.

So where do I go from here?

Regarding your BTW comment: Unfortunately, in our school system (yes, student environment) all users are using the same local windows user with admin rights.  They authenticate to Novell with their own user ID.  So, yes, they do have rights to remote to another computer.  Because it is a student environment, we can "redirect" the behavior if we can identify which machine is initiating the shutdown - based on log in times.  The student body knows they aren't supposed to do this and to help them make the right decisions, the Run command and Command Prompt have been removed from menus.  A couple of students are testing their boundaries.
LVL 19

Expert Comment

ID: 34111192
In the Policy packages that are assigned to the workstations, can you also check under the "Policies" tab. Since the Effective policies on the workstation object indicate that Group Policies are active they should be in the policy package. Under Policies select the XP OS  or the NT-2000-XP OS. There you'll find your policies.

Also it might be possible (though unlikely) that policies are distributed with an application object. Look for any application objects that copy files to C:\windows\system32\Grouppolicy.

Author Comment

ID: 34112087
Ah ha - I am so close I can smell it (with your generous help of course!)

A Windows Group Policy is being run on system startup.

I found that the policy was created under an NT platform but is not able to be edited until migrated to the XP platform. That is why folks kept running into roadblocks when trying to edit it. Okay... I'm going to work on this a bit more, but may need your help again later today or tomorrow morning.  
LVL 19

Accepted Solution

deroode earned 500 total points
ID: 34118524
You can of course also delete the NT policy and create a new one.  The policy package details will tell you where the policy files are stored. The policy files themselves are a group of directories (adm, user, machine) with a gpt.ini file. In the ADM directory there's .adm files, in the User and Machine directories there are Registry.pol files.

You can use notepad to get an idea of what is configured in the policy.

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now