Audit a policy on domain for local users

Mcitp2008
5 pts.
Tags:
Audit Policy
Domain Group Policy
Domain Users
Group Policy
Hey,  please tell me how I can audit a policy on local or domain users. Please give me answer in very easy form.
Asked: Last updated:
Related Questions

Answer Wiki

Thanks. We'll let you know when a new response is added.

You can edit the default domain policy to force domain computers to audit both SUCCESS AND FAILURE “Account Logon Events”, which are AD accounts, as well as “Logon Events”, which are local user accounts.

Local accounts audits are not registered on any DC, only the local computer.

Both of these are found in the same GPO Audit Policy location: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • AshishSingh10
    Hi,
    You can easily audit a policy on domain for local user via specifying a unique category of security related events. Auditing policy can be implemented by an administrator that suits the security needs of the organization.

    Auditing policy implementation on domain has several steps:-
    1. First log on using an administrator account.
    2. Open the Computer tool and Active directory user.
    3. Right-click ON the container which holding  the domain controller and then click it on Properties.
    4. Click the Group Policy tab, and then click Edit to edit the Default Domain Policy.
    5. In the Group Policy window, expand Computer Configuration, navigate to Windows Settings,         
    6. Select Audit Policy.
    7. Now, double-click Audit Directory Service Access policy and choose to enable or disable      successful or failed access attempts.
    8. At last. Click OK. It will take a few minutes for the change to take effect, and other domain controllers will receive the change at the next regular replication interval.

    Thanks & Regards
    Ashish@S




    1,330 pointsBadges:
    report
  • AshishSingh10
    Dear Moderators,

    I am extremely sorry
    I guess due to some technical issue (hardware issue), my answer got posted multiple times. Please ignore this unintentional mistake. I hope that my request will be acknowledged.

    Thanks and Regards
    Ashish@S
    1,330 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: