• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

system account changing group policy settings

We use Netwrix to report Group Policy changes and have noticed every few weeks the system account is responsible for changing the 'Audit directory service access' setting  under Computer Configuration (Enabled)/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing.  Is there a legitimate reason that this would be happening?
 netwrix
0
dstewart69
Asked:
dstewart69
  • 2
1 Solution
 
Netman66Commented:
No, this isn't normal behaviour.

Does it ever change back with the System account?

What OS is running on your DCs?

In Server 2008 there is a new subcategory for Directory Service Changes that *might* turn off the legacy setting you have if it is configured, but I don't know if you have a mix of 2003 and 2008 DCs.

You might be able to use Auditpol.exe to see additional details.  This tool also has the ability to modify audit policies, so be careful.

0
 
dstewart69Author Commented:
We have been manually changing it back.
We have just recentely added a 2008 DC but this was happening before that.
I will try the Auditpol.exe and see if I can get any more info.
0
 
dstewart69Author Commented:
No good answer, will just keep manually changing back
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now