Overview

This article provides a step-by-step process on configuring an audit policy setting for a domain controller.

Process

1. Choose Start > Programs > Administrative Tools > Active Directory Users and Computers.
2. On the View menu, click Advanced Features.
3. Right-click Domain Controllers and then click Properties.
4. Click the Group Policy tab, click the Default Domain Controller Policy and then click Edit.
5. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies and then double-click Audit Policy.
6. In the right pane, right-click Audit Directory Services Access and then click Properties.
7. Click Define These Policy Settings and then click to select one or both of the following check boxes:
   • Success: Click to select this check box to audit successful attempts for the event category.
   • Failure: Click to select this check box to audit failed attempts for the event category.
8. Right-click any other event category that you want to audit and then click Properties.
9. Click OK.
10. Because the changes that you make to your computer's audit policy setting take effect only when the policy setting is propagated or applied to your computer, complete either of the following steps to initiate policy propagation:
    • Type gpupdate/Target:computer at the command prompt and then press Enter.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.
11. Open the Security log to view logged events.