Jump to content


Logon Auditing is disabled, some functionality will be unavailabel for this DC

Logon Auditing is disabled

  • Please log in to reply
2 replies to this topic

#1 Jon Kidder

Jon Kidder


  • Members
  • Pip
  • 2 posts

Posted 05 May 2016 - 03:34 PM

I have two DC's on the domain. A 2008R2 and a 2012R2. The 2012 server is reporting Logon auditing disabled. I have followed the policy updates in other posts to resolve this and I  can check the GP Results with the following command and get the results below. With the report below I assume this should be working. Thanks in advance. 


C:\>auditpol /get /category:*
System audit policy
Category/Subcategory                      Setting
  Security System Extension               No Auditing
  System Integrity                                No Auditing
  IPsec Driver                                      No Auditing
  Other System Events                        No Auditing
  Security State Change                      No Auditing
  Logon                                               Success and Failur
  Logoff                                               Success and Failur
  Account Lockout                               Success and Failur
  IPsec Main Mode                              Success and Failur
  IPsec Quick Mode                             Success and Failur
  IPsec Extended Mode                       Success and Failur
  Special Logon                                   Success and Failur
  Other Logon/Logoff Events               Success and Failur
  Network Policy Server                       Success and Failur
  User / Device Claims                         No Auditing
Object Access
  File System                                       No Auditing
  Registry                                            No Auditing
  Kernel Object                                    No Auditing
  SAM                                                  No Auditing
  Certification Services                        No Auditing
  Application Generated                      No Auditing
  Handle Manipulation                         No Auditing
  File Share                                         No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events             No Auditing
  Detailed File Share                           No Auditing
  Removable Storage                          No Auditing
  Central Policy Staging                       No Auditing
Privilege Use
  Non Sensitive Privilege Use             No Auditing
  Other Privilege Use Events              No Auditing
  Sensitive Privilege Use                     No Auditing
Detailed Tracking
  Process Creation                             No Auditing
  Process Termination                        No Auditing
  DPAPI Activity                                  No Auditing
  RPC Events                                     No Auditing
Policy Change
  Authentication Policy Change             No Auditing
  Authorization Policy Change               No Auditing
  MPSSVC Rule-Level Policy Change   No Auditing
  Filtering Platform Policy Change        No Auditing
  Other Policy Change Events              No Auditing
  Audit Policy Change                           No Auditing
Account Management
  User Account Management                 Success
  Computer Account Management         Success
  Security Group Management              Success
  Distribution Group Management         Success
  Application Group Management         Success
  Other Account Management Events   Success
DS Access
  Directory Service Changes                    No Auditing
  Directory Service Replication                 No Auditing
  Detailed Directory Service Replication  No Auditing
  Directory Service Access                      No Auditing
Account Logon
  Kerberos Service Ticket Operations      Failure
  Other Account Logon Events                Failure
  Kerberos Authentication Service          Failure
  Credential Validation                            Failure

#2 jeffb


    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 06 May 2016 - 01:22 PM



It is because ALE only recognizes basic audit configuration and you are using advanced audit configuration.  There is nothing wrong with thsi configuration but it will throw a warning in the product.



#3 Jon Kidder

Jon Kidder


  • Members
  • Pip
  • 2 posts

Posted 06 May 2016 - 02:06 PM

Perfect, thanks for the info. 

0 user(s) are reading this topic

0 members, guests, anonymous users