Auditing Events

[Guest]

I'm very sorry. I didn't mean to make an empty post. I keyed ENTER too
accidentally before I intended to type the message.

Anyway, I was trying the auditing events with my Windows 2000 Small Business
Server, but I failed to see any event on the log. This was what I did. For
instance, I want to try the logon events. So, I went to the Active Directory
Users and Computers from the Administrative Tools menu, and right-click the
domain name in the console tree. Chose Properties from the shortcut menu,
clicked on the Group Policy tab, and pressed th Edit button. In the left pane
of the Group Policy console, I clicked on Computer Configuration, Windows
Settings, Security Settings, and Local Policies to reach Audit Policy. I
right-clicked on "Audit logon events", and chose Security. Selected the
checkbox to define the settings and the option to audit successful and failed
attempts.

So after enabling the audit event, I went to a computer to login to the
server. Then I log out. I go back to the server, I check the Security Log,
there's nothing reflected on it. What should I do? Thank you.

 

[Florian Frommherz]

Howdy!

Anyway, I was trying the auditing events with my Windows 2000 Small Business
Server, but I failed to see any event on the log. This was what I did. For
instance, I want to try the logon events. So, I went to the Active Directory
Users and Computers from the Administrative Tools menu, and right-click the
domain name in the console tree. Chose Properties from the shortcut menu,

You have to link your auditing policy to the Default Domain Controllers
OU if you want to audit all domain logon attempts. This is, because the
domain controllers accept the user's and computer's logon requests and
are therefore the central place to start auditing.

So after enabling the audit event, I went to a computer to login to the
server. Then I log out. I go back to the server, I check the Security Log,
there's nothing reflected on it.

Please notice, that only the domain controller that proceeds the logon
attempt will write the success/failure into it's security log. If you
have more than one domain controller, you will check all of them to
verify your logging success.

cheers,

Florian

 

[Guest]

Thank you. What about checking who tried to copy some files in a specific
folder? What should I do?

 

[Guest]

By the way how do you link the auditing policy to the Default Domain
Controllers OU?

 

[Andreware]

By the way how do you link the auditing policy to the Default Domain
Controllers OU?

[SNIP]

You edit the Group Policy from the 'Domain Controllers' OU, not the
domain-wide policy. Do exactly what you did before, but instead of
context-clicking the domain in the list, click the 'Domain Controllers' OU.