Solved

Windows Server 2008 Auditing

Posted on 2011-02-24
8
1,172 Views
Last Modified: 2012-05-11
I have installed Active Directory on windows server 2008 R2. On my Domain Controller, When i run the Local security policy, The Auding under
Security Security -> Local Policies -> Audit Policy -> All settings uder Audit polies are greyed out.

From where i can enable these options. Thanks
0
Comment
Question by:Netsol-NOS
  • 4
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 34968610
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34968759
Do not use secpol.msc Configure Auditing policies within "Default Domain Controller" policy.

Regards,
Krzysztof
0
 

Author Comment

by:Netsol-NOS
ID: 34968999
Yes Agreed that default Domain Controller policy should be enabled for auditing. But i can not find the auditing under above mentioned path.

I have attached the default domain policy screen shot which did not show me the auditing that is available under local policy of Domain controller. I have attached the both screeshots.  Default Domain Controller PolicyLocal-security-Policy-of-DC.jpg
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34969097
First, please schedule DC reboot :) After that check if you can see everything (it's odd). If not, probably your DDCP is broken and you need to run DcGPOFix to fix it up and then re-set up them again :(
http://support.microsoft.com/kb/833783

Regards,
Krzysztof
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Netsol-NOS
ID: 34969319
The above link applies to Windows server 2003.

Secondly, Is there any option that I can create new Domain Controller policy and link that policy to Domain Controller OU. And will that policy work exactly same as default DC policy.

0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34969406
Yes, I know (it was for overwiem, I'm sorry that I wasn't precise)

Nope, you need to use DcGPOFix to restore default settings of Default Domain Controller Policy :(

use this syntax:

dcgpofix /ignoreschema /target:dc

but do this after you reboot DC and it still doesn't work :)

Krzysztof
0
 

Author Comment

by:Netsol-NOS
ID: 34969579
Is there any risk to run this command.

As 900 Users are active into this domain.

Secondly, is there any option that I can unlock the greyed out polices in my local DC policy.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34969614
Nope, you cannot unlock local policies on a DC.
Yes, there is always some risk :) Wait until they will finish work, do System State Backup of that DC and then try. This will reset Default Domain Controller Policy to its default settings. So, if you did any custom settings they will be lost and you need to set up them again.

Krzysztof
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now