Auditing of successful Account Management events is not enabled for this DC



#1 keithdavis


Posted 27 March 2019 - 06:55 PM

Like in http://forum.netwrix...?showtopic=1491, we are getting this warning for all 3 DCs, but I've checked using RSOP and secpol and both of these are enabled:

 

Audit directory service access and Audit account management options to "Success"

_____________________________________

 

Log Name:      Netwrix Auditor

Source:        Active Directory Audit Service
Date:          3/27/2019 1:46:02 PM
Event ID:      2001
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DC11.pridedallas.com
Description:
Monitoring Plan: Active Directory 
 
The following error has occurred while processing 'DC11.pridedallas.com':   
 
Auditing of successful Account Management events is not enabled for this DC, so password resets will not be reported. Adjust the audit policy settings automatically using the Active Directory Audit Configuration wizard, or manually. See Netwrix Auditor Installation and Configuration Guide for more information (https://www.netwrix....ation_Guide.pdf).
 
 


#2 Kirill K


Posted 27 March 2019 - 07:33 PM

Hi there,

 

RSOP as well as secpol might not give you an accurate result; you can check the effective policies by running the following command:

auditpol /get /category:*

 

P.S. The command prompt should be running with elevated rights.


Best regards,
Forum Engineer
 


#3 keithdavis


Posted 29 March 2019 - 01:49 PM

C:\Windows\system32>auditpol /get /category:*
System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        Success and Failure
  IPsec Driver                            No Auditing
  Other System Events                     Success and Failure
  Security State Change                   Success
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success and Failure
  Account Lockout                         Success and Failure
  IPsec Main Mode                         Success and Failure
  IPsec Quick Mode                        Success and Failure
  IPsec Extended Mode                     Success and Failure
  Special Logon                           Success and Failure
  Other Logon/Logoff Events               Success and Failure
  Network Policy Server                   Success and Failure
  User / Device Claims                    Success and Failure
Object Access
  File System                             No Auditing
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              No Auditing
  Detailed File Share                     No Auditing
  Removable Storage                       No Auditing
  Central Policy Staging                  No Auditing
Privilege Use
  Non Sensitive Privilege Use             No Auditing
  Other Privilege Use Events              No Auditing
  Sensitive Privilege Use                 No Auditing
Detailed Tracking
  Process Creation                        No Auditing
  Process Termination                     No Auditing
  DPAPI Activity                          No Auditing
  RPC Events                              No Auditing
  Plug and Play Events                    No Auditing
Policy Change
  Authentication Policy Change            Success
  Authorization Policy Change             No Auditing
  MPSSVC Rule-Level Policy Change         No Auditing
  Filtering Platform Policy Change        No Auditing
  Other Policy Change Events              No Auditing
  Audit Policy Change                     Success
Account Management
  User Account Management                 Success
  Computer Account Management             Success
  Security Group Management               Success
  Distribution Group Management           Success
  Application Group Management            Success
  Other Account Management Events         Success
DS Access
  Directory Service Changes               Success and Failure
  Directory Service Replication           Success and Failure
  Detailed Directory Service Replication  Success and Failure
  Directory Service Access                Success and Failure
Account Logon
  Kerberos Service Ticket Operations      Success and Failure
  Other Account Logon Events              Success and Failure
  Kerberos Authentication Service         Success and Failure
  Credential Validation                   Success and Failure
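
The check suggested in reply #2, scripted as an added example that is not part of the original thread or of Netwrix's tooling: it parses the text report from auditpol and lists any Account Management or DS Access subcategory whose effective setting lacks Success. The function names are hypothetical, the sample is constructed, and English-language auditpol output is assumed.

```powershell
# Constructed sample in the layout of the auditpol output posted above (not the poster's data).
$sample = @'
System audit policy
Category/Subcategory                      Setting
Account Management
  User Account Management                 Success
  Security Group Management               No Auditing
DS Access
  Directory Service Changes               Success and Failure
  Directory Service Access                Failure
'@

# Hypothetical helper: turn auditpol's text report into objects.
function ConvertFrom-AuditPolText {
    param([string[]]$Lines)
    $category = $null
    foreach ($line in $Lines) {
        # Subcategory rows are indented, with name and setting separated by 2+ spaces.
        # Category rows start in column 0; the two header rows are skipped.
        if ($line -match '^\s{2,}(?<sub>\S.*?)\s{2,}(?<setting>No Auditing|Success and Failure|Success|Failure)\s*$') {
            [pscustomobject]@{
                Category    = $category
                Subcategory = $Matches['sub']
                Setting     = $Matches['setting']
            }
        } elseif ($line -match '^\S' -and $line -notmatch '^(System audit policy|Category/Subcategory)') {
            $category = $line.Trim()
        }
    }
}

# Hypothetical helper: rows in the required categories whose setting lacks Success.
function Find-MissingSuccessAudit {
    param([object[]]$Policy, [string[]]$Category)
    $Policy | Where-Object { $_.Category -in $Category -and $_.Setting -notmatch '^Success' }
}

$lines = $sample -split '\r?\n'
# On a DC, from an elevated prompt, read the live policy instead:
# $lines = auditpol /get /category:*
$policy = ConvertFrom-AuditPolText -Lines $lines
$gaps = Find-MissingSuccessAudit -Policy $policy -Category 'Account Management', 'DS Access'
if ($gaps) { $gaps | Format-Table -AutoSize } else { 'Success auditing is enabled for every required subcategory.' }
```

Run against the output posted in #3, the check finds no gaps: every Account Management and DS Access subcategory listed there includes Success.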





