Issues with Group policy/local policy on Win 2003 Domain controllers

[Verrona]

Afternoon all. I am having an issue with local policy settings/group policy settings on my works Domain Controllers (DCs).

I have been into the 'Default Domain Controller Security Settings' > 'Local Policy' > 'Audit Policy' > changed 'Audit account logon events' and 'Audit logon events' to success, failure. This then replicated itself to the other DCs within the domain. However, I then did a gpupdate /force (didn't reboot), this had no effect.

I have checked other policies to see if something was overriding the local policy, but myself nor senior members of the team were able to find any policy doing this.

Has anyone else had a similar problem? If the DCs require rebooting, it'll have to be postponed for 7-15 working days so that it can be approved by senior management...

If anyone has any thoughts or any comments, please feel free to share.

Thanks

 

[tlarkin]

You applied the policy to a user group or to a computer group?

 

[Verrona]

The local policy has been applied to the server(s) themselves. Logging onto them via a terminal server.

 

[tlarkin]

Welp, you lost me there. Sorry I am no longer a Windows guy. Been running Unix and OS X servers for the last 4 to 5 years. Before that I was running Windows and Novell servers, but that is a distant memory now!

Have you rebooted? I am not sure what processes it is on the Win servers that refreshes policies but typically at times you need to either log in/out or reboot for them to take affect, or you need to at least kill and restart a few services running.

I guess I need to brush up on my Winders knowledge.

 

[Quiltface]

let me make sure i understand this correctly... you went to DC1 changed the default domain CONTROLLER policy to audit long events to success and failure.... however the other domain controllers dont honor this policy?

have you tried running gpresult on the domain controllers to see what is being applied.... gpupate /force should do the trick as far as them getting the policy....

you might want to also check out the active directory from the other DC's to see if the policy is changed there too... maybe you have a bigger problem... i am going to stop in case im on wrong on your actual issue.

 

[Vipernitrox]

use gpresult or install the gpmc
if those results are correct check the replication between your dc's with replmon.