View New Content
Search Advanced
Search section:

This topic

Forums

Members

Help Files
Members
Forums
More

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Logon Auditing is disabled, some functionality will be unavailabel for this DC

Started by Jon Kidder , May 05 2016 03:34 PM

Logon Auditing is disabled

Please log in to reply

2 replies to this topic

#1 Jon Kidder

Newbie

Members
2 posts

Posted 05 May 2016 - 03:34 PM

I have two DC's on the domain. A 2008R2 and a 2012R2. The 2012 server is reporting Logon auditing disabled. I have followed the policy updates in other posts to resolve this and I can check the GP Results with the following command and get the results below. With the report below I assume this should be working. Thanks in advance.

C:\>auditpol /get /category:*

System audit policy

Category/Subcategory Setting

System

Security System Extension No Auditing

System Integrity No Auditing

IPsec Driver No Auditing

Other System Events No Auditing

Security State Change No Auditing

Logon/Logoff

Logon Success and Failur

Logoff Success and Failur

Account Lockout Success and Failur

IPsec Main Mode Success and Failur

IPsec Quick Mode Success and Failur

IPsec Extended Mode Success and Failur

Special Logon Success and Failur

Other Logon/Logoff Events Success and Failur

Network Policy Server Success and Failur

User / Device Claims No Auditing

Object Access

File System No Auditing

Registry No Auditing

Kernel Object No Auditing

SAM No Auditing

Certification Services No Auditing

Application Generated No Auditing

Handle Manipulation No Auditing

File Share No Auditing

Filtering Platform Packet Drop No Auditing

Filtering Platform Connection No Auditing

Other Object Access Events No Auditing

Detailed File Share No Auditing

Removable Storage No Auditing

Central Policy Staging No Auditing

Privilege Use

Non Sensitive Privilege Use No Auditing

Other Privilege Use Events No Auditing

Sensitive Privilege Use No Auditing

Detailed Tracking

Process Creation No Auditing

Process Termination No Auditing

DPAPI Activity No Auditing

RPC Events No Auditing

Policy Change

Authentication Policy Change No Auditing

Authorization Policy Change No Auditing

MPSSVC Rule-Level Policy Change No Auditing

Filtering Platform Policy Change No Auditing

Other Policy Change Events No Auditing

Audit Policy Change No Auditing

Account Management

User Account Management Success

Computer Account Management Success

Security Group Management Success

Distribution Group Management Success

Application Group Management Success

Other Account Management Events Success

DS Access

Directory Service Changes No Auditing

Directory Service Replication No Auditing

Detailed Directory Service Replication No Auditing

Directory Service Access No Auditing

Account Logon

Kerberos Service Ticket Operations Failure

Other Account Logon Events Failure

Kerberos Authentication Service Failure

Credential Validation Failure

Back to top

#2 jeffb

Advanced Member

Administrators
384 posts

Gender:Male

Posted 06 May 2016 - 01:22 PM

Jon,

It is because ALE only recognizes basic audit configuration and you are using advanced audit configuration. There is nothing wrong with thsi configuration but it will throw a warning in the product.

-Jeff

Back to top

#3 Jon Kidder

Newbie

Members
2 posts

Posted 06 May 2016 - 02:06 PM

Perfect, thanks for the info.

Back to top

Back to Netwrix Account Lockout Examiner