5136 is not logged anymore Expand / Collapse
Author
Message
Posted 4/3/2016 7:30:59 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 4/4/2016 8:10:56 AM
Posts: 3, Visits: 15
I used to get 5136 for Audit Policy changes in Default Domain Policy but at some 5136 stopped logging in the Event Viewer.
auditpol shows:
DS Access
Directory Service Changes Success and Failure
Directory Service Replication Success and Failure
Detailed Directory Service Replication Success and Failure
Directory Service Access Success and Failure

Then I checked ADSIEdit -> CN=Policies,CN=System,DC=domain auditing settings and they show the following selection for Everyone, This object only:
Write all properties
Modify permissions

Is there anything I'm missing?
Thanks
Post #5184
Posted 4/3/2016 7:48:32 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 4/4/2016 8:10:56 AM
Posts: 3, Visits: 15
Sorry, correction....
CN=Policies,CN=System,DC=domain auditing settings in ADSIEdit show the following selection for user Everyone and Apply onto = Special:
Write all properties
Modify permissions

What does Apply onto Special mean and is it enough to log event 5136?
Also this is happening on Window server 2008 R2 domain controller.
Post #5185
Posted 4/7/2016 8:00:57 AM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 223, Visits: 0
Those audit settings are correct. How do you know that you are not receiving those events anymore?
Post #5190
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 4:46am