Windows 2000 Auditing Object Access

Hopefully someone can guide me in the right direction. I am unable to get the
Auditing of Object Access to work. I have enabled object access via the
default domain controllers policy and have set auditing on a particular
object in Active Directory however I never see anything in the security logs
when I try to test by changing, deleting or modifying files. The object has
been set to Audit everything however nothing is showing up in the logs. When
I look at the local security logs is shows no effective permissions for the
audit policy. Can anyone provide me any insight on this ?

Thanks,

Ken

 

Ken,

A Step by step guide from ms:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314955&sd=tech

What are you auditing and what logs are you looking at?

Ian

 

Yes I have that document in hand. I am just trying to get this up an running
I am trying to audit folders for success/failure and I am looking at the
security log in event viewer. The folder has auditing set but when tested by
deleting test folders and creating text files etc nothing shows up in event
viewer.

 

This statement from your original post looks like your problem.

"I have enabled object access via the default domain controllers policy and
have set auditing on a particular
object in Active Directory however I never see anything in the security logs
when I try to test by changing, deleting or modifying files."

The default domain controllers policy applies to domain controllers. You'll
need to configure a policy on an OU which contain the servers which you want
to audit. You could, edit the Default Domain Policy for this, but I suggest
you do it on an OU which contain your servers. Call it "Member Servers".

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Yes I have that document in hand. I am just trying to get this up an running
I am trying to audit folders for success/failure and I am looking at the
security log in event viewer. The folder has auditing set but when tested by
deleting test folders and creating text files etc nothing shows up in event
viewer.

 

One of the domain controllers is our File and Print server. It is on this
server that I would like to audit files.

I have since noticed/caused another issue while looking at the default
domain policy. Here is my problem.

Anyone happens to know why I am getting "Windows cannot
open template file" when I try to access Default Domain
Policy GPO >Computer Configuration>> Windows Settings>>
Security Settings.


In addition to that, several sub-categories under Security
Settings like Account Policies, Local Policies etc. have
vanished. As a result I can not modify domain-wide
security policies. Sure I can always create a new GPO and
link it with OU or root first priority, but I would rather
like to solve the issue before going for work-arounds.

 

Quick question, has someone edited these policies at one time with Windows
XP (SP2) or Windows 2003 and you are now trying to access them from Windows
2000?

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

One of the domain controllers is our File and Print server. It is on this
server that I would like to audit files.

I have since noticed/caused another issue while looking at the default
domain policy. Here is my problem.

Anyone happens to know why I am getting "Windows cannot
open template file" when I try to access Default Domain
Policy GPO >Computer Configuration>> Windows Settings>>
Security Settings.


In addition to that, several sub-categories under Security
Settings like Account Policies, Local Policies etc. have
vanished. As a result I can not modify domain-wide
security policies. Sure I can always create a new GPO and
link it with OU or root first priority, but I would rather
like to solve the issue before going for work-arounds.

 

These polices are edited most always with XP2 admin machines and have been
doing so for a long while. The Security key is the only one so far coming up
with the message.

I do believe the policy was viewed by the 2000 domain controller and that
brought up the "strings to long error" but nothing was edited. We have not
run the fix on that error yet on the server, mainly because we do no editing
from the server.

Seems like I had no problems untill I tried to view where to go to enable
object access, since I am almost sure this was working a week ago.

Thanks for the continued Help. Let me know if I can provide any more infol

 

This is known problem if you use Windows XP SP2 to edit GP and then view the
policy on a Win2000 DC.

There is a fix for Windows 2003 server and Windows XP pre-SP2, but you have
to call Microsoft. They will give you patch for free. One option is to
upgrade rest of Windows XP to SP2. You can download patch for Windows 2000
here. Note this patch will not work on Windows 2003.

http://www.microsoft.com/downloads/details.aspx?FamilyId=BA478B46-3AF7-4EAF-9CE6-E34EA2C74FAF

Also:
http://support.microsoft.com/default.aspx?kbid=842933

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

These polices are edited most always with XP2 admin machines and have been
doing so for a long while. The Security key is the only one so far coming up
with the message.

I do believe the policy was viewed by the 2000 domain controller and that
brought up the "strings to long error" but nothing was edited. We have not
run the fix on that error yet on the server, mainly because we do no editing
from the server.

Seems like I had no problems untill I tried to view where to go to enable
object access, since I am almost sure this was working a week ago.

Thanks for the continued Help. Let me know if I can provide any more infol