I finally figured it out! Having worked with Win2k Professional and Windows NT, I thought I just needed to configure the Local Security Policy audit settings for the Win2k domain controller. But that's not true. Here's what it took: Control Panel --> Administrative Tools Open "Active Directory Users and Computers" Select "Domain Controllers" - Go to the Actions toolbar item, and select "Properties" Go to the Group Policy Tab, and select "Default Domain Controllers Policy" (or whichever Domain Controllers Policy is used within your environment) Click on the "Edit" button. Then select Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Audit Policy Put a checkmark in whichever audit policies you want to enable, close the window. At this point I rebooted, but mostly because it was a Windows box, not because it told me to. One of the documents I was reading yesterday said that without the reboot, it would take five minutes for the domain controller to notice its new policy. For a stand-alone system, you can perform the same task by going to the Control Panel, opening "Administrative Tools," Local Security Policy, Local Policies, Audit Policy. If the machine is a member of a domain but not a domain controller, the domain's audit policy takes precedence. Other notes on audit categories and event descriptions are available at http://kubarb.phsx.ukans.edu/~tbird/windows-logging.html which will shortly be linked from the main Log Analysis site. *whew* tbird "I was being patient, but it took too long." - Buffy the Vampire Slayer LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 15:26:21 PDT