Re: Domain Audit Policy not applying to one server
From: Beth Bergin (beth.bergin_at_efirstbank.com)
Date: 04/29/04
- Next message: Mike: "Re: can't access shared folder"
- Previous message: OIF: "RE: Kerberos Policy Settings"
- In reply to: Steven L Umbach: "Re: Domain Audit Policy not applying to one server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Apr 2004 12:40:43 -0700
I ran netdiag (everything was fine) Then I ran gpresult on the problem
server and also on another server in the domain that is not having the
problem. The only difference I see is between the gpresults is:
Server that isn't receiving properly
The computer received "Security" settings from these GPOs:
Local Group Policy
Revision Number: 27
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 311
Unique Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
Domain Name: DOM.FB
Linked to: Domain (DC=DOM,DC=FB)
Win2KBaseline
Revision Number: 206
Unique Name: {33EA3AD8-3435-448E-868F-9043840DBC7B}
Domain Name: DOM.FB
Linked to: Organizational Unit (OU=CENTRAL,DC=DOM,DC=FB)
Server that is receiving properly
The computer received "Security" settings from these GPOs:
Default Domain Policy
Revision Number: 311
Unique Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
Domain Name: DOM.FB
Linked to: Domain (DC=DOM,DC=FB)
Win2KBaseline
Revision Number: 206
Unique Name: {33EA3AD8-3435-448E-868F-9043840DBC7B}
Domain Name: DOM.FB
Linked to: Organizational Unit (OU=CENTRAL,DC=DOM,DC=FB)
Does the problem have to do with the extra setting (Revision number
27)?
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:<m%zjc.53603$_L6.4186427@attbi_s53>...
> Run netdaig on the problem server to see if all looks well particularly for dns,
> domain membership, and dc list. Then run gpresult on it looking to see where computer
> settings are being applied from and do the same on one of the other servers
> [gpresult] that is working right to see if the results match. It certainly sounds as
> if the local policy is being overridden by a policy with higher precedence. I wonder
> if there is a GPO configured somewhere where the audit policy is being applied for
> those servers that is using filtering to apply only to certain computers via the GPO
> properties/security - read and apply permissions and the problem computer is not
> included or is denied based on group membership or such. Gpresult may be able to
> help track that down. Keep in mind that if there are multiple GPO's for an OU the one
> highest in the list takes precedence. --- Steve
>
>
> "Beth Bergin" <beth.bergin@efirstbank.com> wrote in message
> news:cfd86246.0404271133.485864ec@posting.google.com...
> > The settings are all set to No Auditing under both the Local setting
> > and the Effective setting. It is in the same OU as all the other
> > servers in the domain and is receiving all the other GPO settings we
> > have set to push down from the dc. (user rights assignments, security
> > options all show set under effective settings) This is a member server
> > in the domain, I tried pulling it completely out for a day and putting
> > it back but that did not work. I do see the GP getting applied a
> > couple of times every day (by looking in the event viewer->application
> > log->SceCli. The event says
> >
> > Security policy in the group policy objects are applied successfully
> >
> > What is kind of strange is that if I look at the security Event log
> > everytime the policy refreshes I get to log events. Both are 612
> > Policy Change events. The first one is
> > Audit Policy Change
> > New Policy
> > Success Failure
> > + + Logon/Logoff
> > + + Object Access
> > + + Priviledge Use
> > and so on....
> > Then the next newest entry in the Security log (which according to the
> > log happens at exactly the same time) is also a 612 Policy change
> > event and looks like it changes everything back to not auditing
> > anything
> > Success Failure
> > - - Logon/Logoff
> > - - Object Access
> > - - Priviledge Use
> > and so on...
> > If i set the Audit Policy locally to log events it works until the
> > Domain Security policy is applied. Any thoughts?
> >
> > "GX" <none@none.com> wrote in message
> news:<pTUec.422384$B81.6970909@twister.tampabay.rr.com>...
> > > Beth,
> > >
> > > what setting is it getting? is this on the same OU as the other servers?
> > > Member server or DC?
> > >
> > >
> > > "Beth Bergin" <beth.bergin@efirstbank.com> wrote in message
> > > news:cfd86246.0404130839.699c565b@posting.google.com...
> > > > We have an Active Directory domain that has 19 Windows 2000 servers.
> > > > We apply a GPO from the domain to all the servers and we have one
> > > > server that has just recently stopped getting the Audit Policy
> > > > effective settings from the GPO. All other policies are getting
> > > > applied from the GPO (user rights, security options) Does anyone know
> > > > why this might be happening just on this one server? I tried pulling
> > > > it from the domain and rejoining it but that didn't work.
> > > >
- Next message: Mike: "Re: can't access shared folder"
- Previous message: OIF: "RE: Kerberos Policy Settings"
- In reply to: Steven L Umbach: "Re: Domain Audit Policy not applying to one server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
