Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Auit question for 2008 R2 domain

Posted on 2014-11-12
2
Medium Priority
?
122 Views
Last Modified: 2014-12-01
Hi all,
can someone check what I have done please. I have enabled auditing on the 2008R2 domain but I'm not seeing any account lockouts being recorded. I have opened group policy and the default domain policy and navigated to Computer config, policies, windows settings, security settings, local policies, advanced audit policy configuration and selected "account management and enabled audit user account management, and Logon\logoff and selected audit account lockout and Audit logon and saved policy.

Now I'm thinking, do I need to enable auditing anywhere else?
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 2000 total points
ID: 40438247
On the DC ensure this is enabled in GP.

Group Policy Management Editor > Default Domain Policy  > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Set the Audit account log on events, directory services access, logon events to "failure". account management is already set to "Success, Failure".

Then do a GPUPDATE on your clients and see if the account logon failures appear in the event log on the DC. We use AD Manager and AD Audit to monitor account lockouts/changes to service accounts/failed logins.

We find it much more admin friendly to use AD Audit and AD Manager.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 40439519
Thank you for that. What about the settings under Advanced Audit Policy Configuration. Do I need to select anything here?
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question