I am not geting reports for active directory auditor--is manual setting required - Reply to Topic
Close
Login to Your Account

Reply to Thread

Post a reply to the thread: I am not geting reports for active directory auditor--is manual setting required

Your Message

Click here to log in

What is the latest version of LepideAuditor we launched? (like: 15.2)

 

You may choose an icon for your message from this list

Additional Options

Topic Review (Newest First)

  • 12-02-2015, 02:32 PM
    Deb
    Hi - This is Deb from Lepide Technical Support. I would be glad to assist you. Please have a look into the attachement and it gives you step by step guide for manual auditing.

    ---
    I would like to inform you that first of all you need to check below things ,if it works then no need to go for manual auditing.
    If it fails, then you can go with Manual auditing.

    Solution :

    1. First of all, when you add Domain to the software for first time, it will ask as per below screenshot to make required changes for Domain auditing.

    Attachment 92


    2. If you will select YES, then it will change necessary changes through software and start auditing.

    NOTE: If you select NO, then you need to do all the processes mentioned above manually and it will not show you anything after selecting the option.Please refer steps I to V for manual auditing selecting No option.


    3. After selecting YES, that it will show you to select Group Policy Object selection dialogue box and then choose Default Domain Controllers Policy among Group Policy Object which is recommended.


    After that click on OK, It will do automatically necessary changes for Domain auditing.

    After making all these options if reports will not come, then follow below steps to manually start auditing:



    Please follow below steps and update us about result :


    STEP I :

    Go to your PDC (Primary Domain controller ) or any Domain Controller ( DC ) machine and run gpmc.msc on Command Prompt.

    Then go to Domain Controllers and right click over Default Domain Controller Policy -> Right click over it and select on Edit -> Go to Computer configuration tab ->Policies ->Windows Settings -> Security settings ->Local policies -> Security options .

    Now on right panel under Policy , select this policy Audit : Force audit policy subcategory setting and change it to ?not configured / not defined? by double click over it -> Inside dialog box, Select Security Policy Setting -> Uncheck Define this policy setting (If you find this is checked ).

    Please refer the screenshot below for reference :-

    Attachment 86

    STEP II :

    On same Default Domain Controller Policy , select and on right panel under Scope tab -> click on Add button ->Type Everyone inside box and add it on authenticated user and save it.

    -> Means you have to add "everyone"(all users) and along with authenticated users

    Attachment 89


    STEP III :

    On Default Domain Controller Policy , Go to Advanced Audit policy configuration by selecting Domain Controller -> Default Domain Controller Policy ->Advanced Audit Policy Configuration -> Audit Policies -> Then you need to enable all highlighted policies by Enable all to success and failure to enable audit.

    For enabling policy you need to select one by one from Audit policy -> E.g. Account Logon -> Select and on right panel it will show you subcategory -> Select all subcategory -> Properties -> Policy tab -> Check as per highlighted



    Attachment 91



    STEP IV :

    Please check this option from Active Directory Users and Computers whether available or not : If yes, just need to cross verify but if not present then do the following :

    Go to Active Directory Users and Computers console -> Right click over Domain -> Select Security tab -> Auditing tab -> Select Add button to add Everyone

    After that, go to Object tab of Everyone and select Apply onto : This Object and all descendant objects

    First check over Full control over Successful and then uncheck highlighted as per screen shot (that is first three and then 7th number Read Permissions )


    Attachment 90



    STEP V :

    After doing all above steps, finally run below command in Command prompt .

    Run -> gpupdate /force on command prompt.

    Please update us with result
  • 12-02-2015, 01:58 PM
    Scottf02

    I am not geting reports for active directory auditor--is manual setting required

    Please help- I am not getting reports for active directory auditor -- Is manual setting required to enable auditing ?

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts