Solved

Auit question for 2008 R2 domain

Posted on 2014-11-12
2
119 Views
Last Modified: 2014-12-01
Hi all,
can someone check what I have done please. I have enabled auditing on the 2008R2 domain but I'm not seeing any account lockouts being recorded. I have opened group policy and the default domain policy and navigated to Computer config, policies, windows settings, security settings, local policies, advanced audit policy configuration and selected "account management and enabled audit user account management, and Logon\logoff and selected audit account lockout and Audit logon and saved policy.

Now I'm thinking, do I need to enable auditing anywhere else?
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40438247
On the DC ensure this is enabled in GP.

Group Policy Management Editor > Default Domain Policy  > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Set the Audit account log on events, directory services access, logon events to "failure". account management is already set to "Success, Failure".

Then do a GPUPDATE on your clients and see if the account logon failures appear in the event log on the DC. We use AD Manager and AD Audit to monitor account lockouts/changes to service accounts/failed logins.

We find it much more admin friendly to use AD Audit and AD Manager.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 40439519
Thank you for that. What about the settings under Advanced Audit Policy Configuration. Do I need to select anything here?
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to access folder shares on Netapp 1 26
CAL for Disabled accounts 4 59
Server 2008 R2 has no more space on C: (OS) drive 21 96
Ransomware case 23 111
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question