Thursday, August 30, 2012 5:10 AM
Almost all our Windows servers are version 2008 R2. All DCs are Windows 2008 R2 Enterprise edition. We found that on all our Windows 2008 R2 servers, security events are not being updated continuously. There are frequent breaks of 8 hours or 17 hours alike. This is not the case with Application events and System events; they are up to date.
Has anybody faced this kind of situation in any of your environments? Please help with your suggestions.
Thursday, August 30, 2012 6:52 AM
One setting we have found which needs to be updated is the "Generate security audits" setting, which should have the NT AUTHORITY\LOCAL SERVICE and NT AUTHORITY\NETWORK SERVICE accounts permitted. We are planning to apply this setting through Group Policy and observe.
Tuesday, September 04, 2012 5:58 AM
No. Still not working with the above settings applied. Could anybody help us with this?
Friday, September 14, 2012 1:07 PM
Advanced audit policy should be used for Windows 2008 auditing. If Windows 2003 also exists in the environment, then basic audit policy should also be enabled if auditing is required for Windows 2003. When basic audit policy and advanced audit policy are both enabled in the environment, then the override policy should be set so that advanced policy overrides basic audit policy for Windows 2008 auditing.
This started working for us.
- Marked As Answer by GuruPrasadNS Friday, September 14, 2012 1:07 PM
Monday, September 17, 2012 1:59 AM
Moderator
Thank you for sharing your experience with us.
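
One way to verify the fix described in the accepted answer and to measure the breaks reported in the question. This is an added example, not code from the thread: it reads the registry value behind the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" security option, prints the effective subcategory policy, and lists gaps between consecutive Security events. The parameter names and the 60-minute threshold are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the affected server.
# Written for PowerShell 2.0, the version that ships with Windows Server 2008 R2.
param(
    [int]$GapMinutes = 60,     # assumed threshold for a gap worth reporting
    [int]$MaxEvents  = 50000   # assumed number of recent events to inspect
)

# 1. Override setting: SCENoApplyLegacyAuditPolicy = 1 means subcategory
#    (advanced) audit policy wins over the basic category policy.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$override = $lsa.SCENoApplyLegacyAuditPolicy
if ($override -eq 1) {
    Write-Output 'Override ON: advanced audit policy takes precedence.'
} else {
    Write-Output "Override not enabled (value: '$override'): basic policy can replace subcategory settings."
}

# 2. Effective per-subcategory audit settings on this machine.
auditpol.exe /get /category:*

# 3. Gaps in the Security log. Get-WinEvent returns newest first, so sort ascending.
$events = @(Get-WinEvent -LogName Security -MaxEvents $MaxEvents | Sort-Object TimeCreated)
$previous = $null
$gaps = foreach ($e in $events) {
    if ($previous) {
        $delta = $e.TimeCreated - $previous.TimeCreated
        if ($delta.TotalMinutes -gt $GapMinutes) {
            New-Object PSObject -Property @{
                LastEventBeforeGap = $previous.TimeCreated
                FirstEventAfterGap = $e.TimeCreated
                GapHours           = [math]::Round($delta.TotalHours, 1)
            }
        }
    }
    $previous = $e
}

if ($gaps) {
    $gaps | Select-Object LastEventBeforeGap, FirstEventAfterGap, GapHours |
        Format-Table -AutoSize
} else {
    Write-Output "No gaps longer than $GapMinutes minutes in the last $($events.Count) Security events."
}
```

Running it before and after the Group Policy change shows whether the override value reached the server and whether the gaps stop appearing after the change.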