Like in http://forum.netwrix...?showtopic=1491, we are getting this warning for all 3 DCs, but I've checked using RSOP and secpol, and both of these are enabled:
the "Audit directory service access" and "Audit account management" options are set to "Success".
_____________________________________
Log Name: Netwrix Auditor
Source: Active Directory Audit Service
Date: 3/27/2019 1:46:02 PM
Event ID: 2001
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Computer: DC11.pridedallas.com
Description:
Monitoring Plan: Active Directory
The following error has occurred while processing 'DC11.pridedallas.com':
Auditing of successful Account Management events is not enabled for this DC, so password resets will not be reported. Adjust the audit policy settings automatically using the Active Directory Audit Configuration wizard, or manually. See Netwrix Auditor Installation and Configuration Guide for more information (https://www.netwrix....ation_Guide.pdf).
C:\Windows\system32>auditpol /get /category:*
System audit policy
Category/Subcategory Setting
System
Security System Extension No Auditing
System Integrity Success and Failure
IPsec Driver No Auditing
Other System Events Success and Failure
Security State Change Success
Logon/Logoff
Logon Success and Failure
Logoff Success and Failure
Account Lockout Success and Failure
IPsec Main Mode Success and Failure
IPsec Quick Mode Success and Failure
IPsec Extended Mode Success and Failure
Special Logon Success and Failure
Other Logon/Logoff Events Success and Failure
Network Policy Server Success and Failure
User / Device Claims Success and Failure
Object Access
File System No Auditing
Registry No Auditing
Kernel Object No Auditing
SAM No Auditing
Certification Services No Auditing
Application Generated No Auditing
Handle Manipulation No Auditing
File Share No Auditing
Filtering Platform Packet Drop No Auditing
Filtering Platform Connection No Auditing
Other Object Access Events No Auditing
Detailed File Share No Auditing
Removable Storage No Auditing
Central Policy Staging No Auditing
Privilege Use
Non Sensitive Privilege Use No Auditing
Other Privilege Use Events No Auditing
Sensitive Privilege Use No Auditing
Detailed Tracking
Process Creation No Auditing
Process Termination No Auditing
DPAPI Activity No Auditing
RPC Events No Auditing
Plug and Play Events No Auditing
Policy Change
Authentication Policy Change Success
Authorization Policy Change No Auditing
MPSSVC Rule-Level Policy Change No Auditing
Filtering Platform Policy Change No Auditing
Other Policy Change Events No Auditing
Audit Policy Change Success
Account Management
User Account Management Success
Computer Account Management Success
Security Group Management Success
Distribution Group Management Success
Application Group Management Success
Other Account Management Events Success
DS Access
Directory Service Changes Success and Failure
Directory Service Replication Success and Failure
Detailed Directory Service Replication Success and Failure
Directory Service Access Success and Failure
Account Logon
Kerberos Service Ticket Operations Success and Failure
Other Account Logon Events Success and Failure
Kerberos Authentication Service Success and Failure
Credential Validation Success and Failure