Solved

Auit question for 2008 R2 domain

Posted on 2014-11-12
2
121 Views
Last Modified: 2014-12-01
Hi all,
can someone check what I have done please. I have enabled auditing on the 2008R2 domain but I'm not seeing any account lockouts being recorded. I have opened group policy and the default domain policy and navigated to Computer config, policies, windows settings, security settings, local policies, advanced audit policy configuration and selected "account management and enabled audit user account management, and Logon\logoff and selected audit account lockout and Audit logon and saved policy.

Now I'm thinking, do I need to enable auditing anywhere else?
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40438247
On the DC ensure this is enabled in GP.

Group Policy Management Editor > Default Domain Policy  > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Set the Audit account log on events, directory services access, logon events to "failure". account management is already set to "Success, Failure".

Then do a GPUPDATE on your clients and see if the account logon failures appear in the event log on the DC. We use AD Manager and AD Audit to monitor account lockouts/changes to service accounts/failed logins.

We find it much more admin friendly to use AD Audit and AD Manager.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 40439519
Thank you for that. What about the settings under Advanced Audit Policy Configuration. Do I need to select anything here?
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question