Click here to get back home

Auditing on a member server
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Auditing on a member server NewsGr 11-09-2005
Posted by NewsGr on November 9, 2005, 2:30 pm
Please log in for more thread options
 We have auditing set at AD to audit certain failures and success events, but
at a local server we cant get the auditing to log to security log any
auditing events we put in the directory. I tried auding all success/failure
for a certain group, and logged in as a memebr of that group but nothing
gets audited to sec log. Im a bit rustry on this so any tips appreciated.
Also, Our audit policy allows the security log to get up to 16 meg and it is
under 1 meg.

thanx

CR

--
http://QLiner.com

Dilbert's Words of Wisdom: My Reality Check bounced.




Posted by Roger Abell [MVP] on November 9, 2005, 10:01 pm
Please log in for more thread options
 Would you mind clarifying a couple things ? as I am not
sure what it is that you are trying to accomplish.
Questions/comments inlined with your posting below . . .

> We have auditing set at AD to audit certain failures and success events,

do you mean that you are using group policy to enable auditing
of security events in a way that applies to the member machines,
or,
do you mean you have set up to audit upon those certain
failures and successes for specific AD objects
?

> but at a local server we cant get the auditing to log to security log any
> auditing events we put in the directory. I tried auding all
> success/failure for a certain group,

If first, and GPO is supposed to be delivering audit log settings
to members then make sure the GPO is being applied to the member;
but, your saying "success/failure for a certain group" implies you
speak of having adjusted the SACL (auditing permissions) of some
specific things - if so, what things? If these are AD objects then you
would see the event records in the logs of the DCs.

> and logged in as a memebr of that group but nothing gets audited to sec
> log. Im a bit rustry on this so any tips appreciated. Also, Our audit
> policy allows the security log to get up to 16 meg and it is under 1 meg.
>
> thanx
>
> CR
>
> --
> http://QLiner.com
>
> Dilbert's Words of Wisdom: My Reality Check bounced.
>
>




Posted by Steven L Umbach on November 9, 2005, 11:04 pm
Please log in for more thread options
Look in Local Security Policy [secpol.msc] to make sure that it shows
auditing is enabled as you expect. For Windows 2000 computers look at the
"effective" setting. Sometimes you need to either reboot the computer or
refresh the Group Policy change manually with gpupdate /force [XP/2003] or
secedit /enforce [W2000] to get the GP change to apply. If you are auditing
folders or files you also need to enable auditing of object access first. If
in doubt of what Group Policies are applying to the computer run the support
tool gpresult to find out which will also show the last time the policy was
applied and from what domain controller. Also look in the application log
for any errors or warning for userenv or scecli which could indicate that
Group Policy is not being applied from the domain/OU level. --- Steve


> We have auditing set at AD to audit certain failures and success events,
> but at a local server we cant get the auditing to log to security log any
> auditing events we put in the directory. I tried auding all
> success/failure for a certain group, and logged in as a memebr of that
> group but nothing gets audited to sec log. Im a bit rustry on this so
> any tips appreciated. Also, Our audit policy allows the security log to
> get up to 16 meg and it is under 1 meg.
>
> thanx
>
> CR
>
> --
> http://QLiner.com
>
> Dilbert's Words of Wisdom: My Reality Check bounced.
>
>




Similar ThreadsPosted
Should our web server be a domain member? April 7, 2006, 2:44 pm
SMB signing on member server November 26, 2007, 12:40 pm
File Access Auditing on Exchange 2003 Server June 28, 2005, 4:01 am
HELP: Upgrading member server to a DC woes :S December 20, 2006, 8:37 am
HELP: Cannot Login member server (Offline) July 24, 2007, 3:50 pm
Audit windows services in member server October 11, 2006, 2:26 am
W2K3 Member Server unable to resolve domain SIDs October 12, 2006, 11:56 am
plz help to creating a windows server 2003 domain member user April 7, 2007, 3:08 am
Automatic certificate enrollment for local system failed after upgrading member server to domain controller August 25, 2005, 6:11 pm
Login Auditing June 17, 2005, 11:05 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap