troubleshooting Question

GPO settings aren't applied 100%

Asked by hypercube
Tags: Windows 10, Windows Server 2019, auditing, gp1, Active Directory
I'm developing a GPO that will set Audit Policies.

I've read a few things and have followed various suggestions from https://helpcenter.netwrix.com/Configure_IT_Infrastructure/Windows_Server/WS_Local_Policies.html
I *have* noted that Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object says:
When Advanced Audit Policy Configuration settings are used, the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting under Local Policies \ Security Options must also be enabled.
and have Enabled it in the GPO.

gpresult /scope:computer /r says the GPO has been applied.
And, I see that this one required setting above is grayed out and Enabled. That's what I might expect.
But the remaining settings in Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object are NOT set.
That's puzzling.

Any suggestions would be appreciated!

Just for reference, if there's a better way, all I really want to do is to "reasonably" replace the following script with a GPO:

auditpol /set /category:"Account Logon" /failure:enable /success:enable     
auditpol /set /category:"Account Management" /failure:enable /success:enable  
auditpol /set /category:"DS Access" /failure:enable /success:enable   
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable 
auditpol /set /category:"Object Access" /failure:enable /success:enable  
auditpol /set /category:"Policy Change" /failure:enable /success:enable   
auditpol /set /category:"Privilege Use" /failure:enable /success:enable   
auditpol /set /category:"Detailed Tracking" /failure:enable /success:enable 
auditpol /set /category:"System" /failure:enable /success:enable 
auditpol /set /subcategory:"Filtering Platform Connection"  /success:disable /failure:enable
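
A way to check what the machine is actually auditing, as an added example that is not part of the original question or of the hidden answer: it compares the effective policy reported by `auditpol /get /category:* /r` against the baseline implied by the script above, and checks the registry value behind the "Force audit policy subcategory settings" option. It assumes an elevated PowerShell session and English-language `auditpol` output; the function name `Compare-AuditPolicy` is hypothetical.

```powershell
# Added example (not from the original thread). Run elevated, on an
# English-language Windows host, after Group Policy has refreshed.

# Baseline taken from the asker's auditpol script: every subcategory audits
# success and failure, except the override on the script's last line.
$Default   = 'Success and Failure'
$Overrides = @{ 'Filtering Platform Connection' = 'Failure' }

function Compare-AuditPolicy {
    param([string[]]$CsvLines)
    # The /r report is CSV with blank lines in it; drop them before parsing.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($row in $rows) {
        $name = $row.Subcategory
        $want = if ($Overrides.ContainsKey($name)) { $Overrides[$name] } else { $Default }
        if ($row.'Inclusion Setting' -ne $want) {
            # Emit one object per subcategory that differs from the baseline.
            [pscustomobject]@{
                Subcategory = $name
                Expected    = $want
                Effective   = $row.'Inclusion Setting'
            }
        }
    }
}

# The "Audit: Force audit policy subcategory settings ..." security option is
# stored as SCENoApplyLegacyAuditPolicy = 1 under the Lsa key.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name SCENoApplyLegacyAuditPolicy -ErrorAction SilentlyContinue
if ($lsa.SCENoApplyLegacyAuditPolicy -ne 1) {
    Write-Warning 'Subcategory override is not enabled; category-level settings can overwrite subcategory settings.'
}

$drift = @(Compare-AuditPolicy -CsvLines (auditpol.exe /get /category:* /r))
if ($drift.Count -eq 0) {
    'Effective audit policy matches the baseline.'
} else {
    $drift | Format-Table -AutoSize
}
```
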
ASKER CERTIFIED SOLUTION
kevinhsieh
Network Engineer