| Author |
Message |
NewsGr
Guest
|
 Posted:
Wed Nov 09, 2005 9:51 pm Post subject:
Auditing on a member server |
|
|
We have auditing set at AD to audit certain failures and success events, but
at a local server we cant get the auditing to log to security log any
auditing events we put in the directory. I tried auding all success/failure
for a certain group, and logged in as a memebr of that group but nothing
gets audited to sec log. Im a bit rustry on this so any tips appreciated.
Also, Our audit policy allows the security log to get up to 16 meg and it is
under 1 meg.
thanx
CR
--
http://QLiner.com
Dilbert's Words of Wisdom: My Reality Check bounced. |
|
| Back to top |
|
 |
Steven L Umbach
Guest
|
| Posted:
Thu Nov 10, 2005 9:51 am Post subject:
Re: Auditing on a member server |
|
|
Look in Local Security Policy [secpol.msc] to make sure that it shows
auditing is enabled as you expect. For Windows 2000 computers look at the
"effective" setting. Sometimes you need to either reboot the computer or
refresh the Group Policy change manually with gpupdate /force [XP/2003] or
secedit /enforce [W2000] to get the GP change to apply. If you are auditing
folders or files you also need to enable auditing of object access first. If
in doubt of what Group Policies are applying to the computer run the support
tool gpresult to find out which will also show the last time the policy was
applied and from what domain controller. Also look in the application log
for any errors or warning for userenv or scecli which could indicate that
Group Policy is not being applied from the domain/OU level. --- Steve
"NewsGr" <Ciava@nospam.net> wrote in message
news:%23%23EyuxW5FHA.3296@TK2MSFTNGP09.phx.gbl...
| Quote: | We have auditing set at AD to audit certain failures and success events,
but at a local server we cant get the auditing to log to security log any
auditing events we put in the directory. I tried auding all
success/failure for a certain group, and logged in as a memebr of that
group but nothing gets audited to sec log. Im a bit rustry on this so
any tips appreciated. Also, Our audit policy allows the security log to
get up to 16 meg and it is under 1 meg.
thanx
CR
--
http://QLiner.com
Dilbert's Words of Wisdom: My Reality Check bounced.
|
|
|
| Back to top |
|
|
Roger Abell [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 9:51 am Post subject:
Re: Auditing on a member server |
|
|
Would you mind clarifying a couple things ? as I am not
sure what it is that you are trying to accomplish.
Questions/comments inlined with your posting below . . .
"NewsGr" <Ciava@nospam.net> wrote in message
news:%23%23EyuxW5FHA.3296@TK2MSFTNGP09.phx.gbl...
| Quote: | We have auditing set at AD to audit certain failures and success events,
|
do you mean that you are using group policy to enable auditing
of security events in a way that applies to the member machines,
or,
do you mean you have set up to audit upon those certain
failures and successes for specific AD objects
?
| Quote: | but at a local server we cant get the auditing to log to security log any
auditing events we put in the directory. I tried auding all
success/failure for a certain group,
|
If first, and GPO is supposed to be delivering audit log settings
to members then make sure the GPO is being applied to the member;
but, your saying "success/failure for a certain group" implies you
speak of having adjusted the SACL (auditing permissions) of some
specific things - if so, what things? If these are AD objects then you
would see the event records in the logs of the DCs.
| Quote: | and logged in as a memebr of that group but nothing gets audited to sec
log. Im a bit rustry on this so any tips appreciated. Also, Our audit
policy allows the security log to get up to 16 meg and it is under 1 meg.
thanx
CR
--
http://QLiner.com
Dilbert's Words of Wisdom: My Reality Check bounced.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in