User auditing

[TEK]

User auditing

Hey pals
I am trying to enable user auditing on a Windows 2003 R2 server. I performed
these steps.

1. Sorted my users into OUs
2. Created a new GPO and linked it to selected OU
3. Edited the GPO and enabled auditing on object access and logon events to
log success and failures. Also enabled auditing from security options on
folder properties where data is stored to know who accessed the files, who
deleted them etc.
4. Closed all windows and run command: gpupdate /force
5. Tried to login and write wrong passwords and to create or delete some
files, but nothing relevant comes up on event viewer under security.

I believe I am missing something...any help is greatly appreciated!!

 

[Meinolf Weber [MVP-DS]]

Hello TEK,

See in microsoft.public.windows.server.active_directory and please do not
multipost, use crossposting with a newsreader like outlook express.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Jorge de Almeida Pinto [MVP - DS]]

auditing must be enabled on the DCs through for example the Default Domain
Controllers GPO

then on the OU, through the security TAB, configure auditing for AD related
access

for servers that require auditing at file system level the server hosting
those files/folders must have auditing enabled

see:
http://blogs.dirteam.com/blogs/jorge/archive/2008/04/29/auditing-in-windows-server-2008.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx