Lepide Help Center

Configure manual auditing for Active Directory in Lepide Auditor Suite

Alakesh Barman -

I would like to inform you that first of all you need to check below things ,if it works then no need to go for manual auditing.


If it fails, then you can go with Manual auditing.

Solution :

1. First of all, when you add Domain to the software for first time, it will ask as per below screenshot to make required changes for Domain auditing.

Name:  enable auditing manally.png
Views: 0
Size:  36.3 KB

 

2. If you will select YES, then it will change necessary changes through software and start auditing.

NOTE: If you select NO, then you need to do all the processes mentioned above manually and it will not show you anything after selecting the option.Please refer steps I to V for manual auditing selecting No option.


3. After selecting YES, that it will show you to select Group Policy Object selection dialogue box and then choose Default Domain Controllers Policy among Group Policy Object which is recommended.


After that click on OK, It will do automatically necessary changes for Domain auditing.

After making all these options if reports will not come, then follow below steps to manually start auditing:



Please follow below steps and update us about result :


STEP I :

Go to your PDC (Primary Domain controller ) or any Domain Controller ( DC ) machine and run gpmc.msc on Command Prompt.

Then go to Domain Controllers and right click over Default Domain Controller Policy -> Right click over it and select on Edit -> Go to Computer configuration tab ->Policies ->Windows Settings -> Security settings ->Local policies -> Security options .

Now on right panel under Policy , select this policy Audit : Force audit policy subcategory setting and change it to ?not configured / not defined? by double click over it -> Inside dialog box, Select Security Policy Setting -> Uncheck Define this policy setting (If you find this is checked ).

Please refer the screenshot below for reference :-

Name:  Force not configured.jpg
Views: 0
Size:  241.8 KB

 

STEP II :

On same Default Domain Controller Policy , select and on right panel under Scope tab -> click on Add button ->Type Everyone inside box and add it on authenticated user and save it.

-> Means you have to add "everyone"(all users) and along with authenticated users

Name:  everyone add.jpg
Views: 0
Size:  102.0 KB


STEP III :

On Default Domain Controller Policy , Go to Advanced Audit policy configuration by selecting Domain Controller -> Default Domain Controller Policy ->Advanced Audit Policy Configuration -> Audit Policies -> Then you need to enable all highlighted policies by Enable all to success and failure to enable audit.

For enabling policy you need to select one by one from Audit policy -> E.g. Account Logon -> Select and on right panel it will show you subcategory -> Select all subcategory -> Properties -> Policy tab -> Check as per highlighted



Name:  Adv. policy.jpg
Views: 0
Size:  211.4 KB



STEP IV :

Please check this option from Active Directory Users and Computers whether available or not : If yes, just need to cross verify but if not present then do the following :

Go to Active Directory Users and Computers console -> Right click over Domain -> Select Security tab -> Auditing tab -> Select Add button to add Everyone

After that, go to Object tab of Everyone and select Apply onto : This Object and all descendant objects

First check over Full control over Successful and then uncheck highlighted as per screen shot (that is first three and then 7th number Read Permissions )


Name:  Special permission for everyone.jpg
Views: 0
Size:  148.3 KB


STEP V :

After doing all above steps, finally run below command in Command prompt .

Run -> gpupdate /force on command prompt.

 

 

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk