Problems with auditing on servers

  • Question

  • Good day.

    I am having problems on some servers auditing certain events on domain accounts. If I review the policies applied on the servers with rsop.msc, the ones related to auditing appear in red, and that is where it tells me to check winlogon.log, which I show you below:


    Error 0 to send control flag 1 over to server.

    Make a local copy of \\neoris.cxnetworks.net\sysvol\neoris.cxnetworks.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    Make a local copy of \\neoris.cxnetworks.net\sysvol\neoris.cxnetworks.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

    Process GP template gpt00000.inf.

    This is not the last GPO : domain policy is ignored on DC.
    -------------------------------------------
    jueves, 14 de febrero de 2019 11:25:45 a.m.
    Copy undo values to the merged policy.


    ----Un-initialize configuration engine...

    Process GP template gpt00001.dom.
    -------------------------------------------
    jueves, 14 de febrero de 2019 11:25:45 a.m.
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
    SeSystemtimePrivilege must be assigned to administrators. This setting is adjusted.
    SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
    SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
    Configure S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.
    Configure S-1-5-19.
    remove SeChangeNotifyPrivilege.
    remove SeImpersonatePrivilege.
    remove SeCreateGlobalPrivilege.
    Error 50: The request is not supported.
     Configuring some user rights for this account is not supported. Re-attempting configuration by ignoring unsupported operation errors.
    remove SeChangeNotifyPrivilege.
    Configuring SeChangeNotifyPrivilege for this account is not supported.
    remove SeImpersonatePrivilege.
    Configuring SeImpersonatePrivilege for this account is not supported.
    remove SeCreateGlobalPrivilege.
    Configuring SeCreateGlobalPrivilege for this account is not supported.
    Configure S-1-5-21-507921405-1708537768-1957994488-102667.
    Configure S-1-5-21-507921405-1708537768-1957994488-102173.
    Configure S-1-5-21-507921405-1708537768-1957994488-49665.
    Configure S-1-5-21-507921405-1708537768-1957994488-142165.
    Configure S-1-5-20.
    remove SeChangeNotifyPrivilege.
    remove SeImpersonatePrivilege.
    remove SeCreateGlobalPrivilege.
    Error 50: The request is not supported.
     Configuring some user rights for this account is not supported. Re-attempting configuration by ignoring unsupported operation errors.
    remove SeChangeNotifyPrivilege.
    Configuring SeChangeNotifyPrivilege for this account is not supported.
    remove SeImpersonatePrivilege.
    Configuring SeImpersonatePrivilege for this account is not supported.
    remove SeCreateGlobalPrivilege.
    Configuring SeCreateGlobalPrivilege for this account is not supported.
    Configure S-1-5-32-544.
    Configure S-1-5-32-551.
    Configure S-1-5-32-549.
    Configure S-1-5-21-507921405-1708537768-1957994488-102174.
    Configure S-1-5-21-507921405-1708537768-1957994488-102666.
    Configure S-1-5-21-507921405-1708537768-1957994488-62308.
    Configure S-1-5-32-568.
    Configure S-1-5-21-507921405-1708537768-1957994488-51418.
    Configure S-1-5-21-507921405-1708537768-1957994488-76694.
    Configure S-1-5-21-507921405-1708537768-1957994488-49666.
    Configure S-1-5-21-507921405-1708537768-1957994488-142166.
    Configure S-1-5-21-507921405-1708537768-1957994488-65825.
    Configure S-1-5-21-507921405-1708537768-1957994488-45878.
    Configure S-1-5-11.
    Configure S-1-1-0.
    Configure S-1-5-32-554.
    Configure S-1-5-6.
    Configure S-1-5-21-507921405-1708537768-1957994488-76693.
    Configure S-1-5-21-507921405-1708537768-1957994488-115165.
    Configure S-1-5-21-507921405-1708537768-1957994488-95666.
    Configure S-1-5-32-548.
    Configure S-1-5-21-507921405-1708537768-1957994488-512.
    Configure S-1-5-32-550.
    Configure S-1-5-21-507921405-1708537768-1957994488-4765.
    Configure S-1-5-21-507921405-1708537768-1957994488-4719.
    Configure S-1-5-21-507921405-1708537768-1957994488-4720.
    Configure S-1-5-21-507921405-1708537768-1957994488-4718.
    Configure S-1-5-21-507921405-1708537768-1957994488-166421.
    Configure S-1-5-21-507921405-1708537768-1957994488-62996.
    Configure S-1-5-21-507921405-1708537768-1957994488-4839.
    Configure S-1-5-21-507921405-1708537768-1957994488-4837.
    Configure S-1-5-21-507921405-1708537768-1957994488-166324.
    Configure S-1-5-21-507921405-1708537768-1957994488-79006.
    Configure S-1-5-21-507921405-1708537768-1957994488-4783.
    Configure S-1-5-21-507921405-1708537768-1957994488-4779.
    Configure S-1-5-21-507921405-1708537768-1957994488-4775.
    Configure S-1-5-21-507921405-1708537768-1957994488-95777.
    Configure S-1-5-21-507921405-1708537768-1957994488-95772.
    Configure S-1-5-9.
    Configure S-1-5-21-57989841-1715567821-1417001333-8629.
    Configure S-1-5-21-507921405-1708537768-1957994488-12165.
    Configure S-1-5-21-507921405-1708537768-1957994488-153067.

    User Rights configuration was completed successfully.


    ----Configure Security Policy...
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
    Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Configure machine\system\currentcontrolset\control\lsa\scenoapplylegacyauditpolicy.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
    Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.

    Configuration of Registry Values was completed successfully.
    Legacy audit settings are disabled. Skipped configuration of legacy audit settings.

    Audit/Log configuration was completed successfully.

    Kerberos Policy configuration was completed successfully.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...

    this is the last GPO.
    **************************


    Do you have any idea how to solve it?

    Thanks, regards.

    Thursday, February 14, 2019 17:48
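
A way to triage a winlogon.log like the one quoted above, added here as an example that is not part of the original thread: it attributes each `Error N:` line to the section and SID being configured when it was logged, and flags the legacy-audit skip message. The sample log is a constructed, shortened excerpt in the same format, and the `triage` function and its report keys are names chosen for this example.

```python
import re

# Constructed excerpt in the format of the winlogon.log quoted in the question
# (a shortened sample, not the poster's full log).
SAMPLE_LOG = r"""
Error 0 to send control flag 1 over to server.
----Configure User Rights...
Configure S-1-5-19.
remove SeChangeNotifyPrivilege.
Error 50: The request is not supported.
 Configuring some user rights for this account is not supported. Re-attempting configuration by ignoring unsupported operation errors.
remove SeChangeNotifyPrivilege.
Configuring SeChangeNotifyPrivilege for this account is not supported.
Configure S-1-5-32-544.
Configure S-1-5-20.
remove SeImpersonatePrivilege.
Error 50: The request is not supported.
Configuring SeImpersonatePrivilege for this account is not supported.

User Rights configuration was completed successfully.

----Configure Security Policy...
Configure machine\system\currentcontrolset\control\lsa\scenoapplylegacyauditpolicy.
Legacy audit settings are disabled. Skipped configuration of legacy audit settings.

Audit/Log configuration was completed successfully.
"""

# Well-known SIDs only; domain SIDs (S-1-5-21-...) need a directory lookup.
WELL_KNOWN = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE",
              "S-1-5-32-544": "BUILTIN\\Administrators"}

SECTION = re.compile(r"^----(.+?)\.\.\.$")
CONFIGURE_SID = re.compile(r"^Configure (S-1-[\d-]+)\.$")
ERROR = re.compile(r"^Error (\d+): (.+)$")  # "Error 0 to send ..." has no colon
UNSUPPORTED = re.compile(r"^Configuring (Se\w+) for this account is not supported\.$")


def triage(log_text):
    """Attribute each error to the section and SID being configured when it was logged."""
    section = sid = None
    report = {"errors": [], "unsupported_rights": {}, "legacy_audit_skipped": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, sid = m.group(1), None      # new section, no account in scope
        elif m := CONFIGURE_SID.match(line):
            sid = m.group(1)
        elif m := ERROR.match(line):
            report["errors"].append({"code": int(m.group(1)), "message": m.group(2),
                                     "section": section, "sid": sid,
                                     "account": WELL_KNOWN.get(sid, "unresolved")})
        elif m := UNSUPPORTED.match(line):
            report["unsupported_rights"].setdefault(sid, set()).add(m.group(1))
        elif line.startswith("Legacy audit settings are disabled"):
            report["legacy_audit_skipped"] = True
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for err in result["errors"]:
        print(f"Error {err['code']} in '{err['section']}' for {err['sid']} ({err['account']})")
    print("Legacy audit categories skipped:", result["legacy_audit_skipped"])
```

In a log of this shape, the `Error 50` entries belong to user-rights changes for the LOCAL SERVICE and NETWORK SERVICE accounts rather than to the audit section. The skip message means the legacy audit categories in the GPO were not applied, so effective audit settings come from the advanced audit policy subcategories.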

All replies

  • Hello Erik,

    Have you run RSOP with elevated permissions?

    What kind of events on the domain accounts do you want to edit?

    Have you correctly configured, under Computer Configuration --> Security Settings --> Advanced Audit Policy Configuration --> Account Logon --> the policies "Audit Credential Validation, Audit Kerberos Authentication Service, ... etc"?

    What operating system version do you have?

    Regards.


    MCSE, Microsoft Trainer and Consultant.

    • Proposed as answer by eRiver1 Thursday, May 16, 2019 15:46
    Thursday, February 21, 2019 14:25
  • Since we have not received any notification that the problem you describe in your question is still occurring, and since the reply provided gives a broad overview and scope for action regarding your question, we are going to consider your question resolved given the appropriate reply provided, and so proceed to mark it as the answer.

    Do not hesitate to expand on this topic if you still need to, or to open a new question if you have any issue or need with any other Microsoft product.

    Additionally, I invite you to consult the following resources:

    Guide to asking questions in the forum

    Channel 9 - where you can find a section on: Windows Server Administration

    Thank you for using the TechNet forums.

    Erick Rivera


    • Edited by eRiver1 Thursday, May 16, 2019 15:46 Grammar
    Thursday, May 16, 2019 15:46