Avatar of hypercube
hypercube
Flag for United States of America asked on

GPO settings aren't applied 100%

I'm developing a GPO that will set Audit Policies.

I've read a few things and have followed various suggestions from https://helpcenter.netwrix.com/Configure_IT_Infrastructure/Windows_Server/WS_Local_Policies.html
I *have* noted that Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object says:
When Advanced Audit Policy Configuration settings are used, the "Audit" Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting under Local Policies \Security Options must also be enabled.
and have Enabled it in the GPO.

gpresult /scope:computer /r says the GPO has been applied.
And, I see that this one rerquired setting above is grayed out and Enabled.  That's what I might expect.
But the remaining settings in Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object are NOT set.
That's puzzling.

Any suggestions would be appreciated!

Just for reference, if there's a better way, all I really want to do is to "reasonably" replace the following script with a GPO:

auditpol /set /category:"Account Logon" /failure:enable /success:enable     
auditpol /set /category:"Account Management" /failure:enable /success:enable  
auditpol /set /category:"DS Access" /failure:enable /success:enable   
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable 
auditpol /set /category:"Object Access" /failure:enable /success:enable  
auditpol /set /category:"Policy Change" /failure:enable /success:enable   
auditpol /set /category:"Privilege Use" /failure:enable /success:enable   
auditpol /set /category:"Detailed Tracking" /failure:enable /success:enable 
auditpol /set /category:"System" /failure:enable /success:enable 
auditpol /set /subcategory:"Filtering Platform Connection"  /success:disable /failure:enable

Open in new window

Windows 10Windows Server 2019* auditing* gp1Active Directory

Avatar of undefined
Last Comment
hypercube

8/22/2022 - Mon
Hello There

Can you see the configured items in the Settings tab in GPMC?

If not, please see this link:
https://www.experts-exchange.com/questions/29174723/File-Share-Policy-in-Advanced-Audit-Configuration-not-applying.html
hypercube

ASKER
Hello There:  Thanks!  Yes.  One can see them listed there.
ASKER CERTIFIED SOLUTION
kevinhsieh

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
hypercube

ASKER
kevinhsieh:  Well, I did create a new GPO for this.  But before I can test it, the "Link an existing GPO" menu item on the OU right click menu is missing.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
hypercube

ASKER
The reason it was missing was only because of the View mode selected.  I'm not sure how it got that way but it's resolved now.

Anyway, I've gotten past this. There's a new GPO.

It appears that gpedit.msc does NOT reflect the actual settings.  And, that's where I've been looking.
But, command line auditpol DOES it seems and I can see the settings that have been made.

Thanks all!!
hypercube

ASKER
Thanks again!!