GPO settings aren't applied 100%

Last Modified: 2020-03-16
I'm developing a GPO that will set Audit Policies.

I've read a few things and have followed various suggestions from https://helpcenter.netwrix.com/Configure_IT_Infrastructure/Windows_Server/WS_Local_Policies.html
I *have* noted that Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object says:
When Advanced Audit Policy Configuration settings are used, the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting under Local Policies\Security Options must also be enabled.
and have Enabled it in the GPO.

gpresult /scope:computer /r says the GPO has been applied.
And, I see that this one required setting above is grayed out and Enabled. That's what I might expect.
But the remaining settings in Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object are NOT set.
That's puzzling.

Any suggestions would be appreciated!

Just for reference, if there's a better way, all I really want to do is to "reasonably" replace the following script with a GPO:

auditpol /set /category:"Account Logon" /failure:enable /success:enable     
auditpol /set /category:"Account Management" /failure:enable /success:enable  
auditpol /set /category:"DS Access" /failure:enable /success:enable   
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable 
auditpol /set /category:"Object Access" /failure:enable /success:enable  
auditpol /set /category:"Policy Change" /failure:enable /success:enable   
auditpol /set /category:"Privilege Use" /failure:enable /success:enable   
auditpol /set /category:"Detailed Tracking" /failure:enable /success:enable 
auditpol /set /category:"System" /failure:enable /success:enable 
auditpol /set /subcategory:"Filtering Platform Connection"  /success:disable /failure:enable


Hello There (System Administrator)
Commented:
Can you see the configured items in the Settings tab in GPMC?

If not, please see this link:
https://www.experts-exchange.com/questions/29174723/File-Share-Policy-in-Advanced-Audit-Configuration-not-applying.html

Fred Marshall (Principal), Author
Commented:
Hello There:  Thanks!  Yes.  One can see them listed there.

Network Engineer
Commented:
Create a NEW GPO and configure the audit settings you want. The following link has an example. Note that it shows VERY POOR practice of editing the default domain policy.

https://manuals.gfi.com/en/esm2013administrator/content/acm/topics/config/enablingauditviagpo.htm

Fred Marshall (Principal), Author
Commented:
kevinhsieh:  Well, I did create a new GPO for this.  But before I can test it, the "Link an existing GPO" menu item on the OU right click menu is missing.

Fred Marshall (Principal), Author
Commented:
The reason it was missing was only because of the View mode selected.  I'm not sure how it got that way but it's resolved now.

Anyway, I've gotten past this. There's a new GPO.

It appears that gpedit.msc does NOT reflect the actual settings.  And, that's where I've been looking.
But, command line auditpol DOES it seems and I can see the settings that have been made.

Thanks all!!

Fred Marshall (Principal), Author
Commented:
Thanks again!!
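
The thread ends on the point that auditpol, not gpedit.msc, shows the audit policy actually in effect. The following is an added example, not code from any participant in this thread, that compares auditpol's CSV report against the baseline implied by the script in the question. Test-AuditBaseline is a hypothetical helper name, the sample rows are constructed, and an English-language Windows is assumed because auditpol localizes its names.

```powershell
# Added example: compare effective audit policy with the baseline from the question's script.
# Assumption: English-language Windows (auditpol localizes subcategory and setting names).
function Test-AuditBaseline {
    param([Parameter(Mandatory)][string[]]$CsvLines)

    # Baseline taken from the auditpol script in the question: every subcategory
    # audits success and failure, except Filtering Platform Connection (failure only).
    $exceptions = @{ 'Filtering Platform Connection' = 'Failure' }

    # auditpol /r may emit blank lines around the CSV; drop them before parsing.
    $rows = $CsvLines | Where-Object { $_ -match '\S' } | ConvertFrom-Csv
    foreach ($row in $rows) {
        $name = $row.Subcategory
        $expected = if ($exceptions.ContainsKey($name)) { $exceptions[$name] } else { 'Success and Failure' }
        if ($row.'Inclusion Setting' -ne $expected) {
            # Emit one object per subcategory that deviates from the baseline.
            [pscustomobject]@{
                Subcategory = $name
                Expected    = $expected
                Actual      = $row.'Inclusion Setting'
            }
        }
    }
}

# Constructed sample in the CSV layout of "auditpol /get /category:* /r".
# Host name and GUID column are placeholders, not real values.
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'HOST01,System,Logon,{placeholder},Success and Failure,'
    'HOST01,System,File Share,{placeholder},No Auditing,'
    'HOST01,System,Filtering Platform Connection,{placeholder},Failure,'
)
Test-AuditBaseline -CsvLines $sample | Format-Table -AutoSize

# On a live machine, from an elevated prompt, check the real effective policy:
#   Test-AuditBaseline -CsvLines (auditpol /get /category:* /r)
# and confirm the "Force audit policy subcategory settings" option reached the registry:
#   Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name SCENoApplyLegacyAuditPolicy
```

No output from the live call means every subcategory matches the baseline; any listed row is a setting the GPO did not deliver to that machine.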