Windows 2000 Auditing Object Access

Discussion in 'Windows Server' started by Ken, Sep 20, 2005.

  1. Ken

    Ken Guest

    Hopefully someone can guide me in the right direction. I am unable to get the
    Auditing of Object Access to work. I have enabled object access via the
    default domain controllers policy and have set auditing on a particular
    object in Active Directory however I never see anything in the security logs
    when I try to test by changing, deleting or modifying files. The object has
    been set to Audit everything however nothing is showing up in the logs. When
    I look at the local security logs is shows no effective permissions for the
    audit policy. Can anyone provide me any insight on this ?

    Thanks,

    Ken
     
    Ken, Sep 20, 2005
    #1
    1. Advertisements

  2. Ken

    Ian Guest

    Ken,

    A Step by step guide from ms:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;314955&sd=tech

    What are you auditing and what logs are you looking at?

    Ian
     
    Ian, Sep 20, 2005
    #2
    1. Advertisements

  3. Ken

    Ken Guest

    Yes I have that document in hand. I am just trying to get this up an running
    I am trying to audit folders for success/failure and I am looking at the
    security log in event viewer. The folder has auditing set but when tested by
    deleting test folders and creating text files etc nothing shows up in event
    viewer.
     
    Ken, Sep 20, 2005
    #3
  4. Ken

    Todd J Heron Guest

    This statement from your original post looks like your problem.

    "I have enabled object access via the default domain controllers policy and
    have set auditing on a particular
    object in Active Directory however I never see anything in the security logs
    when I try to test by changing, deleting or modifying files."

    The default domain controllers policy applies to domain controllers. You'll
    need to configure a policy on an OU which contain the servers which you want
    to audit. You could, edit the Default Domain Policy for this, but I suggest
    you do it on an OU which contain your servers. Call it "Member Servers".

    --
    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    ----------------------------------------------------------------------------
    This posting is provided "as is" with no warranties and confers no rights

    Yes I have that document in hand. I am just trying to get this up an running
    I am trying to audit folders for success/failure and I am looking at the
    security log in event viewer. The folder has auditing set but when tested by
    deleting test folders and creating text files etc nothing shows up in event
    viewer.
     
    Todd J Heron, Sep 21, 2005
    #4
  5. Ken

    Ken Guest

    One of the domain controllers is our File and Print server. It is on this
    server that I would like to audit files.

    I have since noticed/caused another issue while looking at the default
    domain policy. Here is my problem.

    Anyone happens to know why I am getting "Windows cannot
    open template file" when I try to access Default Domain
    Policy GPO >Computer Configuration>> Windows Settings>>
    Security Settings.


    In addition to that, several sub-categories under Security
    Settings like Account Policies, Local Policies etc. have
    vanished. As a result I can not modify domain-wide
    security policies. Sure I can always create a new GPO and
    link it with OU or root first priority, but I would rather
    like to solve the issue before going for work-arounds.
     
    Ken, Sep 21, 2005
    #5
  6. Ken

    Todd J Heron Guest

    Quick question, has someone edited these policies at one time with Windows
    XP (SP2) or Windows 2003 and you are now trying to access them from Windows
    2000?

    --
    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    ----------------------------------------------------------------------------
    This posting is provided "as is" with no warranties and confers no rights

    One of the domain controllers is our File and Print server. It is on this
    server that I would like to audit files.

    I have since noticed/caused another issue while looking at the default
    domain policy. Here is my problem.

    Anyone happens to know why I am getting "Windows cannot
    open template file" when I try to access Default Domain
    Policy GPO >Computer Configuration>> Windows Settings>>
    Security Settings.


    In addition to that, several sub-categories under Security
    Settings like Account Policies, Local Policies etc. have
    vanished. As a result I can not modify domain-wide
    security policies. Sure I can always create a new GPO and
    link it with OU or root first priority, but I would rather
    like to solve the issue before going for work-arounds.
     
    Todd J Heron, Sep 21, 2005
    #6
  7. Ken

    Ken Guest

    These polices are edited most always with XP2 admin machines and have been
    doing so for a long while. The Security key is the only one so far coming up
    with the message.

    I do believe the policy was viewed by the 2000 domain controller and that
    brought up the "strings to long error" but nothing was edited. We have not
    run the fix on that error yet on the server, mainly because we do no editing
    from the server.

    Seems like I had no problems untill I tried to view where to go to enable
    object access, since I am almost sure this was working a week ago.

    Thanks for the continued Help. Let me know if I can provide any more infol
     
    Ken, Sep 21, 2005
    #7
  8. Ken

    Todd J Heron Guest

    This is known problem if you use Windows XP SP2 to edit GP and then view the
    policy on a Win2000 DC.

    There is a fix for Windows 2003 server and Windows XP pre-SP2, but you have
    to call Microsoft. They will give you patch for free. One option is to
    upgrade rest of Windows XP to SP2. You can download patch for Windows 2000
    here. Note this patch will not work on Windows 2003.

    http://www.microsoft.com/downloads/details.aspx?FamilyId=BA478B46-3AF7-4EAF-9CE6-E34EA2C74FAF

    Also:
    http://support.microsoft.com/default.aspx?kbid=842933

    --
    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    ----------------------------------------------------------------------------
    This posting is provided "as is" with no warranties and confers no rights

    These polices are edited most always with XP2 admin machines and have been
    doing so for a long while. The Security key is the only one so far coming up
    with the message.

    I do believe the policy was viewed by the 2000 domain controller and that
    brought up the "strings to long error" but nothing was edited. We have not
    run the fix on that error yet on the server, mainly because we do no editing
    from the server.

    Seems like I had no problems untill I tried to view where to go to enable
    object access, since I am almost sure this was working a week ago.

    Thanks for the continued Help. Let me know if I can provide any more infol
     
    Todd J Heron, Sep 22, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.