Hi All,
I've come across an issue when trying to utilize the new Windows 2008 R2 audit function/s when auditing the registry for failure attempts... basically, I've set everything up as instructed in the step-by-step guide/s but it's still not playing ball! :(
I've created the domain based GPO/s with appropriate settings configured,
I've enabled the "force audit policy sub category" settings,
I've configured the appropriate SACL on the registry keys/folders etc. (all forms of Failure for everyone),
I've denied an account full access to a registry key/folder and then tried to access it... which obviously isn't allowed, so it flags up and tells me so... but nothing is registered in the security event log for the failure.
I've run an RSOP/gpresult /H and checked out "auditpol.exe /get /category:*".. all of which show that it is configured appropriately.
I've also tried removing the advanced auditing and going back to using the "basic" audit functions and this works straight off... but for the life of me I can't get the new audit functions to work! :(
The server is fully patched for all important and critical security updates/service packs... so I don't believe that is the cause of the issue.
Does anybody have any ideas... please!? I've been working on this for 2 days now and I'm not getting anywhere! :(
Cheers,
Pete