scottrosenblatt973
New member
If I use a GPO to configure the auditing of object access on a 2k8R2 server and then check the Local Security Policy of that server, the setting for Audit Object Access (Security/Local/Audit) is listed with a different icon than the rest (the changed icon indicates the settings are in fact being received from GPO) but the Security Setting column does not correctly reflect the policy applied settings (Success, Failure). Instead, it just says No Auditing, just like all the other options that were not set via GPO.
If I double-click on the Audit Object Access setting, the options to configure are grayed out (as they should be) since they're being applied via GPO. So the GPO settings are in fact active but the fact that it doesn't list Success, Failure creates the following problem for me:
I use a program called FileAudit to audit the 2k8R2 in question. The first thing FileAudit does is it looks at the Local Security Policy to see if auditing is enabled or not on the audited machine. When FileAudit sees "No Auditing" instead of "Success, Failure" it fails to work- even though behind the scenes the auditing has been enabled via the GPO. Support from FileAudit has not been able to resolve this since ultimately the issue lies within Windows Server and not their software.
NOTE: This only occurs with the AUDITING settings. Any other changes to the GPO are correctly listed in the Local Security Policy after running gpupdate. So this problem is specific to just the auditing settings being applied- any other changes get the changed icon and grayed out options but also properly list the applied settings. This is what I need to accomplish for the auditing settings to get FileAudit to work.
So anyone have a clue here? I've googled the heck out of this and came up empty. I really need to get this fixed in order to have the auditing program work! Any and all advice is greatly appreciated and I thank any and all responders in advance.
Below is a screen shot of what I'm referring to- where the icon is different but the details are incorrect.
If I double-click on the Audit Object Access setting, the options to configure are grayed out (as they should be) since they're being applied via GPO. So the GPO settings are in fact active but the fact that it doesn't list Success, Failure creates the following problem for me:
I use a program called FileAudit to audit the 2k8R2 in question. The first thing FileAudit does is it looks at the Local Security Policy to see if auditing is enabled or not on the audited machine. When FileAudit sees "No Auditing" instead of "Success, Failure" it fails to work- even though behind the scenes the auditing has been enabled via the GPO. Support from FileAudit has not been able to resolve this since ultimately the issue lies within Windows Server and not their software.
NOTE: This only occurs with the AUDITING settings. Any other changes to the GPO are correctly listed in the Local Security Policy after running gpupdate. So this problem is specific to just the auditing settings being applied- any other changes get the changed icon and grayed out options but also properly list the applied settings. This is what I need to accomplish for the auditing settings to get FileAudit to work.
So anyone have a clue here? I've googled the heck out of this and came up empty. I really need to get this fixed in order to have the auditing program work! Any and all advice is greatly appreciated and I thank any and all responders in advance.
Below is a screen shot of what I'm referring to- where the icon is different but the details are incorrect.
Last edited by a moderator:
