Link to home
Start Free TrialLog in
Avatar of hypercube
hypercubeFlag for United States of America

asked on

GPO settings aren't applied 100%

I'm developing a GPO that will set Audit Policies.

I've read a few things and have followed various suggestions from https://helpcenter.netwrix.com/Configure_IT_Infrastructure/Windows_Server/WS_Local_Policies.html
I *have* noted that Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object says:
When Advanced Audit Policy Configuration settings are used, the "Audit" Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting under Local Policies \Security Options must also be enabled.
and have Enabled it in the GPO.

gpresult /scope:computer /r says the GPO has been applied.
And, I see that this one rerquired setting above is grayed out and Enabled.  That's what I might expect.
But the remaining settings in Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object are NOT set.
That's puzzling.

Any suggestions would be appreciated!

Just for reference, if there's a better way, all I really want to do is to "reasonably" replace the following script with a GPO:

auditpol /set /category:"Account Logon" /failure:enable /success:enable     
auditpol /set /category:"Account Management" /failure:enable /success:enable  
auditpol /set /category:"DS Access" /failure:enable /success:enable   
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable 
auditpol /set /category:"Object Access" /failure:enable /success:enable  
auditpol /set /category:"Policy Change" /failure:enable /success:enable   
auditpol /set /category:"Privilege Use" /failure:enable /success:enable   
auditpol /set /category:"Detailed Tracking" /failure:enable /success:enable 
auditpol /set /category:"System" /failure:enable /success:enable 
auditpol /set /subcategory:"Filtering Platform Connection"  /success:disable /failure:enable

Open in new window

Avatar of Hello There
Hello There

Can you see the configured items in the Settings tab in GPMC?

If not, please see this link:
https://www.experts-exchange.com/questions/29174723/File-Share-Policy-in-Advanced-Audit-Configuration-not-applying.html
Avatar of hypercube

ASKER

Hello There:  Thanks!  Yes.  One can see them listed there.
ASKER CERTIFIED SOLUTION
Avatar of kevinhsieh
kevinhsieh
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
kevinhsieh:  Well, I did create a new GPO for this.  But before I can test it, the "Link an existing GPO" menu item on the OU right click menu is missing.
The reason it was missing was only because of the View mode selected.  I'm not sure how it got that way but it's resolved now.

Anyway, I've gotten past this. There's a new GPO.

It appears that gpedit.msc does NOT reflect the actual settings.  And, that's where I've been looking.
But, command line auditpol DOES it seems and I can see the settings that have been made.

Thanks all!!
Thanks again!!