<div>
No, this isn't normal behaviour.<br />
<br />
Does it ever change back with the System account?<br />
<br />
What OS is running on your DCs?<br />
<br />
In Server 2008 there is a new subcategory for Directory Service Changes that *might* turn off the legacy setting you have if it is configured, but I don't know if you have a mix of 2003 and 2008 DCs.<br />
<br />
You might be able to use Auditpol.exe to see additional details. &nbsp;This tool also has the ability to modify audit policies, so be careful.<br />
<br />

</div>


No, this isn't normal behaviour.

Does it ever change back with the System account?

What OS is running on your DCs?

In Server 2008 there is a new subcategory for Directory Service Changes that *might* turn off the legacy setting you have if it is configured, but I don't know if you have a mix of 2003 and 2008 DCs.

You might be able to use Auditpol.exe to see additional details.  This tool also has the ability to modify audit policies, so be careful.



<div>
No good answer, will just keep manually changing back
</div>


No good answer, will just keep manually changing back

<div>
<div class="content wysiwyg-content">
We use Netwrix to report Group Policy changes and have noticed every few weeks the system account is responsible for changing the 'Audit directory service access' setting &nbsp;under Computer Configuration (Enabled)/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing. &nbsp;Is there a legitimate reason that this would be happening?<br />
&nbsp;<a href="https://filedb.experts-exchange.com/incoming/2011/02_w09/413416/Netwrix.jpg" target="_blank" title="netwrix (57 KB)"><img alt="netwrix" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2011/02_w09/800_413416/Netwrix.jpg" /></a>
</div>
</div>


Netwrix.jpg

We use Netwrix to report Group Policy changes and have noticed every few weeks the system account is responsible for changing the 'Audit directory service access' setting  under Computer Configuration (Enabled)/Windows Settings/Security Settings/Local Policies/Audit Policy to No auditing.  Is there a legitimate reason that this would be happening?
 

system account changing group policy settings

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.