asked on Server 2012 R2 Security Log Event Viewer not logging
I built a 2012 R2 server which is acting as a DC, DNS, KMS and CA. The Group Policy settings for Default Domain Controllers are as per the attachment yet the security event log shows only a handful of events despite there being numerous issues with one user account being locked out - I have twice gone through the steps: disabling the event log service, rebooting, renaming the security event log file, re-enabling the service and re-booting
which generates a new security event viewer log file but no entries appear after the initial logs. See attachment.
The server is hit by 2 GPO's, DDC and DD. Event logs settings attached.
The GPO's were migrated to this domain from another.
Any further ideas?
DDCSettings.jpg
DDSettings.jpg
SecurityEventViewer.jpg
SecLogProperties.jpg
which generates a new security event viewer log file but no entries appear after the initial logs. See attachment.
The server is hit by 2 GPO's, DDC and DD. Event logs settings attached.
The GPO's were migrated to this domain from another.
Any further ideas?
DDCSettings.jpg
DDSettings.jpg
SecurityEventViewer.jpg
SecLogProperties.jpg
Windows Server 2012
Last Comment
Bash
Do a rsop.msc on your run window and check to see if your GPO have been applied to this DC.
ASKER
Yup did that originally and they are being applied
Hello.
I'm new with this but was reading and would like to learn. This article below led me to think this. His location is different than yours I think or I just don't understand. I looked at your screens and it seems like I want to look in the one labeled "...Security Options" which I believe remains closed in all screens you provided. It sounds like everything is doing what it is set to do, but it is set incorrectly maybe for what you want?
This article describes advice on setting up for auditing for security. As he says, deciding to audit is easy, the harder choice is deciding what to audit.
https://newsignature.com/articles/server-2012-auditing-for-security
What do you think?
I'm new with this but was reading and would like to learn. This article below led me to think this. His location is different than yours I think or I just don't understand. I looked at your screens and it seems like I want to look in the one labeled "...Security Options" which I believe remains closed in all screens you provided. It sounds like everything is doing what it is set to do, but it is set incorrectly maybe for what you want?
This article describes advice on setting up for auditing for security. As he says, deciding to audit is easy, the harder choice is deciding what to audit.
https://newsignature.com/articles/server-2012-auditing-for-security
What do you think?
From a video I just saw the "Advanced Audit Policy Configuration" is way down below "Local Policies"
What I did is sign up for an instant webinar and downloaded it a couple minutes ago and in the first 4 minutes I think it is saying you might be looking at the wrong audit settings.
https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=241
The link has a form, I filled it out, they emailed me the .wmv of the webinar and it's pretty good.
Do you think this is the right track?
Hope so. :-)
What I did is sign up for an instant webinar and downloaded it a couple minutes ago and in the first 4 minutes I think it is saying you might be looking at the wrong audit settings.
https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=241
The link has a form, I filled it out, they emailed me the .wmv of the webinar and it's pretty good.
Do you think this is the right track?
Hope so. :-)
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Expert comment set me in the right direction but I ha to find out further information and conduct further verification myself to confirm behaviour was as described.