In other words, setting audit policy by using basic audit policy categories will override the subcategory audit policy settings in Advanced Audit Policy Configuration.
Enabling the Force audit policy subcategory settings Windows Vista or later to override audit policy category settings policy setting allows audit policy to be managed by using subcategories without requiring a change to Group Policy. Lany Zhag. Since top-level policy will usually override any configurations that you make at the subcategory level with the auditpol command.
If the top-level policy has no settings, it will have no settings to override. So the configurations that you make at the subcategory level will apply. In case if we make a decision to remove all the legacy settings and apply only the advanced auditing just to keep things simple, then what will happen to Win servers..? No settings would get applied to these servers at all because they cant read advanced auditing settings..? Office Office Exchange Server.
Not an IT pro? Microsoft Online Services TechCenter. Sign in. Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:.
Introduction to advanced security audit policy settings For more information about the audit policy step-by-step guide, visit the following Microsoft TechNet website:. Audit policy step-by-step guide For more information about advanced security auditing FAQ, visit the following Microsoft TechNet website:. Advanced security auditing FAQ. Need more help? Expand your skills. Get new features first. Was this information helpful? Yes No. Thank you! Any more feedback?
The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. It only takes a minute to sign up.
Connect and share knowledge within a single location that is structured and easy to search. I can't believe I did this I set an advanced auditing policy in our GPO and it shut down all of our basic policies. From Technet :. After you apply advanced audit policy settings by using Group Policy, you can only reliably set system audit policy for the computer by using the advanced audit policy settings.
It seems odd to me that there isn't a way to say, "Nevermind, roll back to basic auditing". We won't be restoring the whole network to old backups as it's been too long since the change was put in place.
A similar question was asked here on serverfault but the answer seems to be "configure advanced auditing to perform the same way". I will do that if I have no other choice, but I would prefer to actually restore basic auditing.
Ok it appears that I found the answer. Important to set the subcategory settings to "Disabled". The technet article linked in the comments for the answer suggests an incorrect configuration That tripped me up for a bit.
Some may be hidden, but they are there!! This appears to have restored auditing to the point it was at prior to enabling advanced auditing on our network. Actually for me, all it took was to roll back the Registry setting; that set the subcategories back to "Not Audited".
To bear this out, I 1st dumped the advanced subcat settings to a CSV: auditpol. Sign up to join this community.
0コメント