?
Solved

Windows Server 2008 Auditing

Posted on 2011-02-24
8
Medium Priority
?
1,203 Views
Last Modified: 2012-05-11
I have installed Active Directory on windows server 2008 R2. On my Domain Controller, When i run the Local security policy, The Auding under
Security Security -> Local Policies -> Audit Policy -> All settings uder Audit polies are greyed out.

From where i can enable these options. Thanks
0
Comment
Question by:Netsol-NOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 34968610
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34968759
Do not use secpol.msc Configure Auditing policies within "Default Domain Controller" policy.

Regards,
Krzysztof
0
 

Author Comment

by:Netsol-NOS
ID: 34968999
Yes Agreed that default Domain Controller policy should be enabled for auditing. But i can not find the auditing under above mentioned path.

I have attached the default domain policy screen shot which did not show me the auditing that is available under local policy of Domain controller. I have attached the both screeshots.  Default Domain Controller PolicyLocal-security-Policy-of-DC.jpg
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34969097
First, please schedule DC reboot :) After that check if you can see everything (it's odd). If not, probably your DDCP is broken and you need to run DcGPOFix to fix it up and then re-set up them again :(
http://support.microsoft.com/kb/833783

Regards,
Krzysztof
0
 

Author Comment

by:Netsol-NOS
ID: 34969319
The above link applies to Windows server 2003.

Secondly, Is there any option that I can create new Domain Controller policy and link that policy to Domain Controller OU. And will that policy work exactly same as default DC policy.

0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 34969406
Yes, I know (it was for overwiem, I'm sorry that I wasn't precise)

Nope, you need to use DcGPOFix to restore default settings of Default Domain Controller Policy :(

use this syntax:

dcgpofix /ignoreschema /target:dc

but do this after you reboot DC and it still doesn't work :)

Krzysztof
0
 

Author Comment

by:Netsol-NOS
ID: 34969579
Is there any risk to run this command.

As 900 Users are active into this domain.

Secondly, is there any option that I can unlock the greyed out polices in my local DC policy.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34969614
Nope, you cannot unlock local policies on a DC.
Yes, there is always some risk :) Wait until they will finish work, do System State Backup of that DC and then try. This will reset Default Domain Controller Policy to its default settings. So, if you did any custom settings they will be lost and you need to set up them again.

Krzysztof
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question