After applying a Windows Security Baseline to the Domain Controllers, or after enabling the Attack Surface Reduction Rule, 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2, Change Auditor no longer audits AD events.
An error similar to the following is logged in the ChangeAuditor.AgentLog.nptlog:
[ERROR][itad2hook::DuplexHolderImpl::InitializeIPC(230)] Error starting pipe client. Unable to open pipe
You need to be signed in and under a current maintenance contract to view premium knowledge articles.