-
Titre
How to set up auditing on domain controllers -
Description
How to set up auditing on domain controllers
-
Résolution
To gather the proper information from the security event logs, the information must first be audited. You need to modify the Default Domain Controllers Policy to enable auditing.
To set up auditing on a domain controller
1.Start Active Administrator Console.
2. Select Group Policy | Group Policy Objects.
3. Select Default Domain Controllers Policy, and click Edit.
4. Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy.
5. Verify that the following polices are defined. If not, double-click the following policies to edit their Success and Failure settings.
Table. Default domain controller policy settings
Policy Setting Audit logon events [Success, Failure] Audit account logon [Success] Audit account management [Success] Audit directory service access [Success] Audit policy change [Success] Audit system events [Success] 6. Close the Group Policy window.
7. From the command prompt, refresh the Group Policies by typing gpupdate /force.
NOTE: Auditing policy changes may take a long time to take effect. NOTE: If there are issues detecting audit events when monitoring domain controllers, manually set the above audit policies for each type of object using the Microsoft auditpol system utility.