Home
Certification Preparation
Microsoft
MCSA / MCSE on Windows 2003 General
Server 70-290
Auditing
Mikdilly
Trying to do auditing exercise in mspress book, chapter 6, pg 6-36, configured audit settings, enabled audit policy, did a gpupdate, logged on as user, created file on server, deleted file on server, it never shows an audit log of the file being deleted. It shouldn't matter that the user is in a nested group witihin the group being setup for auditing in the excercise, right? Filtering the log for just the user only shows logon/logoff and directory service access.
Find more posts tagged with
Comments
astorrs
Perform a Resultant Set of Policies (RSoP) against the user and computer and make sure the GPO is being properly applied.
dynamik
You need to enable auditing in the local/group policy and
specify the specific items you want audited
. Definitely start with RSoP.
Mikdilly
Ran the rsop for the user and computer, drilled down to Audit Object Access, there's a big red circle with an x in it. Click on the line and within the Precedence tab of Audit Object Properties it says 'GPO's higher in the list have the highest priority. The policy engine did not atempt to configure the setting. Check winlogon.log on the target machine.
What would be the target machine, the server or workstation?
astorrs
Wherever the object is located. In your case the server.
Mikdilly
Sorry, my fault, I was in the default domain policy when i should have been in domain controller security policy. It worked once file object access was enabled there. Thanks for the help.
astorrs
Easy mistake to make when you're dealing with a "1 server" farm like most 290 labs are.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
