Where this Audit Polciy comming from?

  • Thread starter Thread starter GX
  • Start date Start date
G

GX

Ok, tricky question...

I have 5 DC's (1 local / 4 remote)
40 member servers
300 clients

I'm getting ready to use a 3rd party application (CA eTrust Audit) to define
Audit Policies on my domain.

I went into my loca DC (Win2KSVR SP4) and did the following:
Domain Controllers Security Policies - Not define to all Audit Events
Domain Security Policy - Not define to all Audit Events
Local Security Policy - Not define to all Audit Events

went into cmd prompt and ran:
c:\>Secedit /refreshpolicy machine_policy /enforce

checked the Local Policies and it reads like this:
Local Setting | Effective Setting
No Auditing | Success, Failure for mostly everything

I have checked everything and everywhere I can think about and there is
nothing forcing these policies to the domain...is there's anything I can
do...
any command? any tool? any tip? that can help me out to figure this out????

Desperate...

GX
 
If you have access to the Windows 2000 Resource Kit, you
can run the gpresult tool on the machine in question.
This will tell you where policies are coming from.

Bob
 
I did the gpedit on another server and this came out:
===============================================================
The computer received "Security" settings from these GPOs:

Local Group Policy
Default Domain Policy
Servers

I checked those and they are empty.....any other ideas?

Thanks,
GX
 
in the said:
I went into my loca DC (Win2KSVR SP4) and did the following:
Domain Controllers Security Policies - Not define to all Audit Events
Domain Security Policy - Not define to all Audit Events
Local Security Policy - Not define to all Audit Events
Click to expand...

Your problem is setting it to Not Defined. This means, "I'm not going to
change any setting. If this setting is currently on, I'll leave it on,
if it is currently off, I'll leave it off." Change the settings to
Defined, but don't select Success or Failure. Once those changes have
been applied, you can then set them back to Not Defined.
 
This worked, however, I wanted to let all the policies set to "Not Defined"
and I guess that if I follow the same logical pattern you did it won't set
it to "Not Define" once I have setup the policy to "No Auditing"

I tried the same way you said but it just doesn;t change....
Any other suggestiong to take it back to "Not Defined"?

Thanks,
GX
 
Back
Top