Solved

Audit question for 2008 R2 domain

Posted on 2014-11-12
Last Modified: 2014-12-01
Hi all,
Can someone check what I have done, please? I have enabled auditing on the 2008 R2 domain but I'm not seeing any account lockouts being recorded. I have opened Group Policy and the Default Domain Policy and navigated to Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Advanced Audit Policy Configuration and selected "Account Management" and enabled Audit User Account Management, and Logon/Logoff and selected Audit Account Lockout and Audit Logon and saved the policy.

Now I'm thinking, do I need to enable auditing anywhere else?
Question by:Jason Thomas
2 Comments
 

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40438247
On the DC ensure this is enabled in GP.

Group Policy Management Editor > Default Domain Policy  > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Set Audit account logon events, directory service access and logon events to "Failure". Account management is already set to "Success, Failure".

Then do a GPUPDATE on your clients and see if the account logon failures appear in the event log on the DC. We use AD Manager and AD Audit to monitor account lockouts/changes to service accounts/failed logins.

We find it much more admin friendly to use AD Audit and AD Manager.

Author Comment

by:Jason Thomas
ID: 40439519
Thank you for that. What about the settings under Advanced Audit Policy Configuration? Do I need to select anything here?
0
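
One way to check the result of the steps discussed in this thread, as an added example that is not part of the original posts: it shows the audit settings actually in effect for the subcategories named in the question and lists recent lockout events. It assumes an elevated PowerShell session on a domain controller, that lockouts are logged as Security event 4740, and a 24-hour look-back window chosen for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on a domain controller.

# 1. Audit settings actually in effect for the subcategories named in the question.
#    auditpol reports the applied result, whichever GPO or policy type set it.
foreach ($name in 'User Account Management', 'Account Lockout', 'Logon') {
    auditpol /get /subcategory:"$name"
}

# 2. "Audit: Force audit policy subcategory settings ..." security option.
#    A value of 1 means Advanced Audit Policy subcategories take precedence over
#    the category-level settings under Local Policies > Audit Policy.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$force  = (Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue).SCENoApplyLegacyAuditPolicy
"SCENoApplyLegacyAuditPolicy = $(if ($null -eq $force) { 'not set' } else { $force })"

# 3. Lockout events from the last 24 hours (the window is an assumption).
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    'No 4740 events found: review the auditpol output above, then lock out a test account and re-run.'
} else {
    $events | ForEach-Object {
        # Read EventData fields by name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time           = $_.TimeCreated
            LockedAccount  = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            CallerComputer = $data['TargetDomainName']
        }
    } | Format-Table -AutoSize
}
```

Lockouts are recorded on the domain controller that processed them and on the PDC emulator, so run the check there rather than on a client.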
