2003 DC auditing issue
From: SG (SG_at_discussions.microsoft.com)
Date: 12/09/04
- Next message: Jason: "Re: avoid NTFS or ..."
- Previous message: Ross Smith: "Re: Ridding yourself of FTP malware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Dec 2004 04:19:08 -0800
I have Windows 2003 test machine , and I test auditing policies .
Configuration
========
2003 Domain Controller , with default installation settings .
Symptoms
======
If I configure all audit policies in “Default Domain Controllers Policy” to
“Not configured” ( not “No Auditing” ) – as expected - nothing is audited.
If I then, configure a single ( no matter which one ) Audit Policy ( say
Audit Account Management ) to Audit Success and Audit Failure , as expected
- Account Management events are being log , HOWEVER , Event IDs which belong
to other Security Categories are ALSO being log in Security Event Viewer.
That is – I receive logs for Logon/Logoff , Account logon, Privilege Use and
so on.
Why is this behavior ? I expected to receive only logs sourced by Account
Management policy as it was the only set on.
I used GPMC Results to make sure no other scoped GPOs have auditing enabled.
- Next message: Jason: "Re: avoid NTFS or ..."
- Previous message: Ross Smith: "Re: Ridding yourself of FTP malware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
