Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1212
  • Last Modified:

Windows Server 2008 Auditing

I have installed Active Directory on windows server 2008 R2. On my Domain Controller, When i run the Local security policy, The Auding under
Security Security -> Local Policies -> Audit Policy -> All settings uder Audit polies are greyed out.

From where i can enable these options. Thanks
0
Netsol-NOS
Asked:
Netsol-NOS
  • 4
  • 3
1 Solution
 
JamesSenior Cloud Infrastructure EngineerCommented:
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Do not use secpol.msc Configure Auditing policies within "Default Domain Controller" policy.

Regards,
Krzysztof
0
 
Netsol-NOSAuthor Commented:
Yes Agreed that default Domain Controller policy should be enabled for auditing. But i can not find the auditing under above mentioned path.

I have attached the default domain policy screen shot which did not show me the auditing that is available under local policy of Domain controller. I have attached the both screeshots.  Default Domain Controller PolicyLocal-security-Policy-of-DC.jpg
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
First, please schedule DC reboot :) After that check if you can see everything (it's odd). If not, probably your DDCP is broken and you need to run DcGPOFix to fix it up and then re-set up them again :(
http://support.microsoft.com/kb/833783

Regards,
Krzysztof
0
 
Netsol-NOSAuthor Commented:
The above link applies to Windows server 2003.

Secondly, Is there any option that I can create new Domain Controller policy and link that policy to Domain Controller OU. And will that policy work exactly same as default DC policy.

0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Yes, I know (it was for overwiem, I'm sorry that I wasn't precise)

Nope, you need to use DcGPOFix to restore default settings of Default Domain Controller Policy :(

use this syntax:

dcgpofix /ignoreschema /target:dc

but do this after you reboot DC and it still doesn't work :)

Krzysztof
0
 
Netsol-NOSAuthor Commented:
Is there any risk to run this command.

As 900 Users are active into this domain.

Secondly, is there any option that I can unlock the greyed out polices in my local DC policy.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Nope, you cannot unlock local policies on a DC.
Yes, there is always some risk :) Wait until they will finish work, do System State Backup of that DC and then try. This will reset Default Domain Controller Policy to its default settings. So, if you did any custom settings they will be lost and you need to set up them again.

Krzysztof
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now