Jump to content

IIS6 & Windows 2003 & Audit Polocies

mkennedy.dublin
 Share

Recommended Posts

mkennedy.dublin

mkennedy.dublin

Posted
Posted

Hello All

I cannot see another forum for this, so I hope it is OK to put it here.

I have a problem with local group policies and IIS6. The issue is that on machine reboot, the local group policies, in particular the audit policies are reset to a default. I am running this on windows 2003. Before the reboot I set the policies to:

Audit Account Logon Events - Success, Failure

Audit account management - Success, Failure

Audit directory service access - Failure

Audit logon events - Success, Failure

Audit object access - Success, Failure

Audit policy change - Success, Failure

Audit privilege Use - Failure

Audit process tracking - No auditing

Audit system events - Success, Failure

After the reboot, the policies are reset to:

Audit Account Logon Events - Success, Failure

Audit account management - Success, Failure

Audit directory service access - No auditing

Audit logon events - Success, Failure

Audit object access - No auditing

Audit policy change - Success, Failure

Audit privilege Use - No Auditing

Audit process tracking - Success, Failure

Audit system events - Success, Failure

Have you come across this before and / or do you know any way around this?

Thanks in advance for all help received.

Regards,

Mary


cluberti

cluberti

Posted
Posted
Audit directory service access - Failure

Audit object access - Success, Failure

Audit privilege Use - Failure

Audit process tracking - No auditing

After the reboot, the policies are reset to:

Audit directory service access - No auditing

Audit object access - No auditing

Audit privilege Use - No Auditing

Audit process tracking - Success, Failure

As to the "Audit directory service access" policy, this can only be run against an AD domain controller. Therefore, when the box is booted, since this is likely a standalone server, the policy is reset to no auditing. As to the other settings being reset, is this server a member of a domain with GPO policies that could be setting these on reboot? Also, can you reproduce this issue perhaps on another box or VM built from a retail or OEM CD that is not a part of a domain?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...