Netsol-NOS
asked on
Windows Server 2008 Auditing
I have installed Active Directory on windows server 2008 R2. On my Domain Controller, When i run the Local security policy, The Auding under
Security Security -> Local Policies -> Audit Policy -> All settings uder Audit polies are greyed out.
From where i can enable these options. Thanks
Security Security -> Local Policies -> Audit Policy -> All settings uder Audit polies are greyed out.
From where i can enable these options. Thanks
Do not use secpol.msc Configure Auditing policies within "Default Domain Controller" policy.
Regards,
Krzysztof
Regards,
Krzysztof
ASKER
Yes Agreed that default Domain Controller policy should be enabled for auditing. But i can not find the auditing under above mentioned path.
I have attached the default domain policy screen shot which did not show me the auditing that is available under local policy of Domain controller. I have attached the both screeshots. Local-security-Policy-of-DC.jpg
I have attached the default domain policy screen shot which did not show me the auditing that is available under local policy of Domain controller. I have attached the both screeshots. Local-security-Policy-of-DC.jpg
First, please schedule DC reboot :) After that check if you can see everything (it's odd). If not, probably your DDCP is broken and you need to run DcGPOFix to fix it up and then re-set up them again :(
http://support.microsoft.com/kb/833783
Regards,
Krzysztof
http://support.microsoft.com/kb/833783
Regards,
Krzysztof
ASKER
The above link applies to Windows server 2003.
Secondly, Is there any option that I can create new Domain Controller policy and link that policy to Domain Controller OU. And will that policy work exactly same as default DC policy.
Secondly, Is there any option that I can create new Domain Controller policy and link that policy to Domain Controller OU. And will that policy work exactly same as default DC policy.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Is there any risk to run this command.
As 900 Users are active into this domain.
Secondly, is there any option that I can unlock the greyed out polices in my local DC policy.
As 900 Users are active into this domain.
Secondly, is there any option that I can unlock the greyed out polices in my local DC policy.
Nope, you cannot unlock local policies on a DC.
Yes, there is always some risk :) Wait until they will finish work, do System State Backup of that DC and then try. This will reset Default Domain Controller Policy to its default settings. So, if you did any custom settings they will be lost and you need to set up them again.
Krzysztof
Yes, there is always some risk :) Wait until they will finish work, do System State Backup of that DC and then try. This will reset Default Domain Controller Policy to its default settings. So, if you did any custom settings they will be lost and you need to set up them again.
Krzysztof
http://social.technet.microsoft.com/Forums/en-US/winservermanager/thread/059465f4-a35b-4172-820c-f0c1e0a44d08/