dstewart69
asked on
system account changing group policy settings
We use Netwrix to report Group Policy changes and have noticed every few weeks the system account is responsible for changing the 'Audit directory service access' setting under Computer Configuration (Enabled)/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing. Is there a legitimate reason that this would be happening?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No good answer, will just keep manually changing back
Does it ever change back with the System account?
What OS is running on your DCs?
In Server 2008 there is a new subcategory for Directory Service Changes that *might* turn off the legacy setting you have if it is configured, but I don't know if you have a mix of 2003 and 2008 DCs.
You might be able to use Auditpol.exe to see additional details. This tool also has the ability to modify audit policies, so be careful.