I am not geting reports for active directory auditor--is manual setting required 5418 https://lepide.com
See How We Help you Protect your Data, Detect and React to Threats Watch Now
Login to Your Account
Untitled Document
+ Reply to Thread
Results 1 to 2 of 2

Thread: I am not geting reports for active directory auditor--is manual setting required

  1. #1
    Junior Member
    Join Date
    Feb 2015

    I am not geting reports for active directory auditor--is manual setting required

    Please help- I am not getting reports for active directory auditor -- Is manual setting required to enable auditing ?
    Last edited by Deb; 12-04-2015 at 10:01 AM.

  2. #2
    Junior Member
    Join Date
    Dec 2015
    Hi - This is Deb from Lepide Technical Support. I would be glad to assist you. Please have a look into the attachement and it gives you step by step guide for manual auditing.

    I would like to inform you that first of all you need to check below things ,if it works then no need to go for manual auditing.
    If it fails, then you can go with Manual auditing.

    Solution :

    1. First of all, when you add Domain to the software for first time, it will ask as per below screenshot to make required changes for Domain auditing.

    Name:  enable auditing manally.png
Views: 370
Size:  36.3 KB

    2. If you will select YES, then it will change necessary changes through software and start auditing.

    NOTE: If you select NO, then you need to do all the processes mentioned above manually and it will not show you anything after selecting the option.Please refer steps I to V for manual auditing selecting No option.

    3. After selecting YES, that it will show you to select Group Policy Object selection dialogue box and then choose Default Domain Controllers Policy among Group Policy Object which is recommended.

    After that click on OK, It will do automatically necessary changes for Domain auditing.

    After making all these options if reports will not come, then follow below steps to manually start auditing:

    Please follow below steps and update us about result :

    STEP I :

    Go to your PDC (Primary Domain controller ) or any Domain Controller ( DC ) machine and run gpmc.msc on Command Prompt.

    Then go to Domain Controllers and right click over Default Domain Controller Policy -> Right click over it and select on Edit -> Go to Computer configuration tab ->Policies ->Windows Settings -> Security settings ->Local policies -> Security options .

    Now on right panel under Policy , select this policy Audit : Force audit policy subcategory setting and change it to ?not configured / not defined? by double click over it -> Inside dialog box, Select Security Policy Setting -> Uncheck Define this policy setting (If you find this is checked ).

    Please refer the screenshot below for reference :-

    Name:  Force not configured.jpg
Views: 394
Size:  241.8 KB

    STEP II :

    On same Default Domain Controller Policy , select and on right panel under Scope tab -> click on Add button ->Type Everyone inside box and add it on authenticated user and save it.

    -> Means you have to add "everyone"(all users) and along with authenticated users

    Name:  everyone add.jpg
Views: 386
Size:  102.0 KB

    STEP III :

    On Default Domain Controller Policy , Go to Advanced Audit policy configuration by selecting Domain Controller -> Default Domain Controller Policy ->Advanced Audit Policy Configuration -> Audit Policies -> Then you need to enable all highlighted policies by Enable all to success and failure to enable audit.

    For enabling policy you need to select one by one from Audit policy -> E.g. Account Logon -> Select and on right panel it will show you subcategory -> Select all subcategory -> Properties -> Policy tab -> Check as per highlighted

    Name:  Adv. policy.jpg
Views: 394
Size:  211.4 KB

    STEP IV :

    Please check this option from Active Directory Users and Computers whether available or not : If yes, just need to cross verify but if not present then do the following :

    Go to Active Directory Users and Computers console -> Right click over Domain -> Select Security tab -> Auditing tab -> Select Add button to add Everyone

    After that, go to Object tab of Everyone and select Apply onto : This Object and all descendant objects

    First check over Full control over Successful and then uncheck highlighted as per screen shot (that is first three and then 7th number Read Permissions )

    Name:  Special permission for everyone.jpg
Views: 388
Size:  148.3 KB

    STEP V :

    After doing all above steps, finally run below command in Command prompt .

    Run -> gpupdate /force on command prompt.

    Please update us with result
    Last edited by Deb; 02-29-2016 at 03:22 AM.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts