ALE - Displaying auditing not enabled on new Windows 2016 R2 server



#1 cnenzel


Posted 01 August 2019 - 09:38 PM

Have checked the server logs and am seeing audit success/audit failure messages in the logs.  The server is showing with the error:

"Logon Auditing is disabled, some functionality will be unavailable for this DC.  Please turn on Auditing of invalid logons in audit policy settings for this DC."

 

Any thoughts on fixing this issue?  Planning to replace our Server 2008 R2 DCs with this and another Server 2016 R2 DC in the next few weeks and would like to be able to continue to use ALE to troubleshoot lockout issues, if possible.

 

Thanks!

 

Chris 



#2 Kirill K


Posted 02 August 2019 - 09:18 AM

Hi there,

 

Run the following command to review effective audit policies on a domain controller:

auditpol /get /category:*

 

If a policy is missing then apply it via Group Policy Object.


Best regards,
Forum Engineer
 


#3 cnenzel


Posted 07 August 2019 - 09:52 PM

See below please.  Looks like everything that should be enabled is...

 

System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        No Auditing
  IPsec Driver                            No Auditing
  Other System Events                     No Auditing
  Security State Change                   Success
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success and Failure
  Account Lockout                         Success and Failure
  IPsec Main Mode                         Failure
  IPsec Quick Mode                        Failure
  IPsec Extended Mode                     Failure
  Special Logon                           Failure
  Other Logon/Logoff Events               Success and Failure
  Network Policy Server                   Success and Failure
  User / Device Claims                    Failure
  Group Membership                        No Auditing
Object Access
  File System                             No Auditing
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              Success
  Detailed File Share                     No Auditing
  Removable Storage                       No Auditing
  Central Policy Staging                  No Auditing
Privilege Use
  Non Sensitive Privilege Use             No Auditing
  Other Privilege Use Events              No Auditing
  Sensitive Privilege Use                 No Auditing
Detailed Tracking
  Process Creation                        Success
  Process Termination                     Success
  DPAPI Activity                          No Auditing
  RPC Events                              No Auditing
  Plug and Play Events                    No Auditing
  Token Right Adjusted Events             No Auditing
Policy Change
  Audit Policy Change                     Success and Failure
  Authentication Policy Change            Success
  Authorization Policy Change             Success
  MPSSVC Rule-Level Policy Change         Success
  Filtering Platform Policy Change        Success
  Other Policy Change Events              Success
Account Management
  Computer Account Management             Success
  Security Group Management               Success
  Distribution Group Management           Success
  Application Group Management            Success
  Other Account Management Events         Success
  User Account Management                 Success and Failure
DS Access
  Directory Service Access                Success
  Directory Service Changes               Success
  Directory Service Replication           No Auditing
  Detailed Directory Service Replication  No Auditing
Account Logon
  Kerberos Service Ticket Operations      Success and Failure
  Other Account Logon Events              Failure
  Kerberos Authentication Service         Success and Failure
  Credential Validation                   Failure

...and it's not displaying this error on the Server 2008R2 servers that the 2016R2 servers are going to replace. 
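
The review step from reply #2, as an added example that is not part of any post in this thread: a PowerShell function (hypothetical name Test-FailureAudit) that parses `auditpol /get /category:*` text and reports whether selected subcategories audit Failure. The subcategory list is an assumption made for illustration, not ALE's documented requirement, and the parser assumes English-language output; the sample is an excerpt of the output posted above.

```powershell
# Subcategories checked for Failure auditing. This list is an assumption made
# for the example, not a requirement documented by ALE.
$Required = 'Logon', 'Account Lockout', 'Credential Validation',
            'Kerberos Authentication Service', 'Kerberos Service Ticket Operations'

function Test-FailureAudit {
    # Accepts the text lines printed by: auditpol /get /category:*
    param(
        [Parameter(ValueFromPipeline)][string]$Line,
        [string[]]$Subcategory = $Required
    )
    begin { $seen = @{} }
    process {
        # Subcategory rows are indented: "  <name>   <setting>", with two or
        # more spaces before the setting. Category headers are not indented.
        if ($Line -match '^\s+(\S.*?)\s{2,}(No Auditing|Success and Failure|Success|Failure)\s*$') {
            $seen[$Matches[1]] = $Matches[2]
        }
    }
    end {
        foreach ($name in $Subcategory) {
            # A subcategory absent from the input is reported, not skipped.
            $setting = if ($seen.ContainsKey($name)) { $seen[$name] } else { 'Not reported' }
            [pscustomobject]@{
                Subcategory   = $name
                Setting       = $setting
                AuditsFailure = $setting -match 'Failure'
            }
        }
    }
}

# Excerpt of the auditpol output posted in this thread.
$sample = @'
Logon/Logoff
  Logon                                   Success and Failure
  Account Lockout                         Success and Failure
  Group Membership                        No Auditing
Account Logon
  Kerberos Service Ticket Operations      Success and Failure
  Kerberos Authentication Service         Success and Failure
  Credential Validation                   Failure
'@ -split "`r?`n"

$sample | Test-FailureAudit | Format-Table -AutoSize
# Live use on a domain controller, from an elevated prompt:
#   auditpol /get /category:* | Test-FailureAudit
```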





