Solved

Auit question for 2008 R2 domain

Posted on 2014-11-12
2
114 Views
Last Modified: 2014-12-01
Hi all,
can someone check what I have done please. I have enabled auditing on the 2008R2 domain but I'm not seeing any account lockouts being recorded. I have opened group policy and the default domain policy and navigated to Computer config, policies, windows settings, security settings, local policies, advanced audit policy configuration and selected "account management and enabled audit user account management, and Logon\logoff and selected audit account lockout and Audit logon and saved policy.

Now I'm thinking, do I need to enable auditing anywhere else?
0
Comment
Question by:Jason Thomas
2 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40438247
On the DC ensure this is enabled in GP.

Group Policy Management Editor > Default Domain Policy  > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Set the Audit account log on events, directory services access, logon events to "failure". account management is already set to "Success, Failure".

Then do a GPUPDATE on your clients and see if the account logon failures appear in the event log on the DC. We use AD Manager and AD Audit to monitor account lockouts/changes to service accounts/failed logins.

We find it much more admin friendly to use AD Audit and AD Manager.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 40439519
Thank you for that. What about the settings under Advanced Audit Policy Configuration. Do I need to select anything here?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question