Re: Server refreshes its security policy with wrong values

Is the server on a domain at all?
If so it will be picking up the Default Domain policy at the least, whenever
the Group Policy is updated.

The server doesn't need to have AD installed, as GP is used to manage and
secure workstations which don't have AD.

If you are on a domain - run a model to work out what gpo's are being
applied.
You can also run rsop.msc, but the detail isn't as great on the machine. It
will only tell you what policies have been applied - whereas the model will
give you a break down on which policy has won for each setting.


"Alexander Groß" <PLEASEAlexanderGrossREMOVETHIS@xxxxxx> wrote in message
news:uUoVUN1oGHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
Hello everybody,

I've got a new Windows Server 2003 R2 set up. The Audit Policy is set to
enable successful and failed logons. These settings are applied by me but
after some time, i.e. 8 AM the next morning the server logs the following
policy change.

Event ID: 612
User: NT AUTHORITY\SYSTEM
Audit Policy Change:
New Policy:
Success Failure
- - Logon/Logoff
- - Object Access
- - Privilege Use
- - Account Management
- - Policy Change
- + System
- - Detailed Tracking
- - Directory Service Access
- - Account Logon
Changed By:
User Name: ARWEN$
Domain Name: WG
Logon ID: (0x0,0x3E7)

This basically means that my previously applied Logon/Logoff audit was
turned off. I'm not sure which process triggered the update, it seems to
come from a system process as the User Name ARWEN$ (the server name)
suggests.

The server is a standalone server, AD is not installed. Does anyone know
why
this happens and how I could fix the wrong policy update?

Best regards,

Alex
--
_______________________________________

Alexander Groß
Dipl.-Ing. (BA) für Informationstechnik
PLEASEAlexanderGrossREMOVETHIS@xxxxxx
http://www.it99.org/axl/
ICQ# 36765668
_______________________________________




.

Relevant Pages

  • Domain Controller Security Policy errors
    ... Security Policy or the Domain Controller Security Policy. ... The DC is also a print and file server. ... The domain controller for Group Policy operations is not available. ...
    (microsoft.public.win2000.active_directory)
  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: Security Logon/Logoff Events
    ... I haven't yet set password policy or configured account lockout policy so I ... will do that in due course to fully secure the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Move W2K3 server to its own OU seperate from SBS (MyBusiness) OU
    ... OU and move the member server to so that it does not inherit it's GPO from ... policies from inheriting the default domain policies of the SBS ... section of the default domain policy. ... In direct answer to your question, you would need to filter this ...
    (microsoft.public.windows.server.sbs)
  • Re: Server refreshes its security policy with wrong values
    ... I've got a new Windows Server 2003 R2 set up. ... The Audit Policy is set to ... Audit Policy Change: ... this happens and how I could fix the wrong policy update? ...
    (microsoft.public.windows.server.security)