Group policy local auditing not working

OK, Windows 2008 forest level, 2008 and 2008 R2 domain controllers.

Using GPMC setting "computer configuration/policies/security settings/local policies/audit policy" trying to setup various auditing. After setting various auditing options I've done a gpupdate /force and I also have rebooted the DC's Auditing is only set on the 2008 DC but not on the 2008R2. What can I do about this?

Thanks.
Richard.
RichardPWolfAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dan_blagutCommented:
Hello

For  2008 R2 the local settings\auditpolicy option is canceled when you set one of fine audit option in the Advanced audit policy configuration. It is ok for both by default, but when you modify one in advanced section that will take advance.

Dan
0
RichardPWolfAuthor Commented:
Dan yes I saw that in the documentation. And no I haven't changed anything in the advance area. In truth until this problem arose I didn't even know about the advanced area. Finding that out I found the setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" which I set to disabled. What's odd is my only 2k8 DC server picks up the correct settings but none of my 2k8R2 DC servers are set. They all say "no auditing" using auditpol /get /category:* Reading many MS articles and others are saying to use RSOP or GPResult with a grain of salt in reading there results. So I go into the event viewer and look for event IDs for Logon/Logoff and find nothing (verified that my workstation logged into DC that I'm checking logs on).  Maybe I "need" to set the auditing in the advanced area.
0
dan_blagutCommented:
we actually did that and it solved the problem. in fact we can't migrate using admt because of audit. Using advance audit settings solved the problem.

Dan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

RichardPWolfAuthor Commented:
I'll give it a try. Thanks.
0
RichardPWolfAuthor Commented:
OK, understand some of what was said but don't understand this comment:

Deleted the CSE from the GPO object's gPCMachineExtensionNames attribute:  

[{F3CCC681-B74C-4060-9F26-CD84535DCA2A}{0F3F3735-573D-9804-99E4-B2A69BA5FD4}]
0
RichardPWolfAuthor Commented:
OK, used the first fix from Dan and it seems to work. -Mahesh- your fix seems to be a more correct way of fixing the issue however I don't understand part of the blog referenced as noted before. If all is good points will be split.

Keeping fingers crossed.
0
MaheshArchitectCommented:
Ok what blog saying is according to my understanding, when you configure auditing GPO if you have 2008 and 2008 R2 both, its creating audit.csv file on 2008 R2 servers with empty settings when you create advanced audit policies on 2008 R2 causing it don't apply audit GPO, hence he is deleting that csv file from GPO\machine\windows NT\Audit folder
0
RichardPWolfAuthor Commented:
Ah. That makes sense (sort of). Anyway applying the auditing settings in both areas appears to have resolved my problem. Thank you both for the assistance. Now I need to find the hair glue to put all my hair back on that I pulled trying to resolve this :)
0
dan_blagutCommented:
Sorry but EE don't provide hair glue. Only help...

Have a nice evening.

Dan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.