Solved

Group policy local auditing not working

Posted on 2014-07-22
10
1,273 Views
Last Modified: 2014-07-24
OK, Windows 2008 forest level, 2008 and 2008 R2 domain controllers.

Using GPMC setting "computer configuration/policies/security settings/local policies/audit policy" trying to setup various auditing. After setting various auditing options I've done a gpupdate /force and I also have rebooted the DC's Auditing is only set on the 2008 DC but not on the 2008R2. What can I do about this?

Thanks.
Richard.
0
Comment
Question by:RichardPWolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 22

Expert Comment

by:dan_blagut
ID: 40213444
Hello

For  2008 R2 the local settings\auditpolicy option is canceled when you set one of fine audit option in the Advanced audit policy configuration. It is ok for both by default, but when you modify one in advanced section that will take advance.

Dan
0
 

Author Comment

by:RichardPWolf
ID: 40214459
Dan yes I saw that in the documentation. And no I haven't changed anything in the advance area. In truth until this problem arose I didn't even know about the advanced area. Finding that out I found the setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" which I set to disabled. What's odd is my only 2k8 DC server picks up the correct settings but none of my 2k8R2 DC servers are set. They all say "no auditing" using auditpol /get /category:* Reading many MS articles and others are saying to use RSOP or GPResult with a grain of salt in reading there results. So I go into the event viewer and look for event IDs for Logon/Logoff and find nothing (verified that my workstation logged into DC that I'm checking logs on).  Maybe I "need" to set the auditing in the advanced area.
0
 
LVL 22

Accepted Solution

by:
dan_blagut earned 250 total points
ID: 40215092
we actually did that and it solved the problem. in fact we can't migrate using admt because of audit. Using advance audit settings solved the problem.

Dan
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:RichardPWolf
ID: 40215192
I'll give it a try. Thanks.
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 40215196
0
 

Author Comment

by:RichardPWolf
ID: 40215224
OK, understand some of what was said but don't understand this comment:

Deleted the CSE from the GPO object's gPCMachineExtensionNames attribute:  

[{F3CCC681-B74C-4060-9F26-CD84535DCA2A}{0F3F3735-573D-9804-99E4-B2A69BA5FD4}]
0
 

Author Comment

by:RichardPWolf
ID: 40215318
OK, used the first fix from Dan and it seems to work. -Mahesh- your fix seems to be a more correct way of fixing the issue however I don't understand part of the blog referenced as noted before. If all is good points will be split.

Keeping fingers crossed.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40216024
Ok what blog saying is according to my understanding, when you configure auditing GPO if you have 2008 and 2008 R2 both, its creating audit.csv file on 2008 R2 servers with empty settings when you create advanced audit policies on 2008 R2 causing it don't apply audit GPO, hence he is deleting that csv file from GPO\machine\windows NT\Audit folder
0
 

Author Comment

by:RichardPWolf
ID: 40216991
Ah. That makes sense (sort of). Anyway applying the auditing settings in both areas appears to have resolved my problem. Thank you both for the assistance. Now I need to find the hair glue to put all my hair back on that I pulled trying to resolve this :)
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 40217485
Sorry but EE don't provide hair glue. Only help...

Have a nice evening.

Dan
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question