Not Understanding Audit Policy with SCM 8.1 Baseline
We want to configure Audit Policy on all standalone Windows 8.1 computers to log Success and Failure for Logon attempts.
The Beta Baseline for Windows 8.1 contains a setting for this, but it is read only and you cannot change it. Why?
When that baseline is put into effect on the computer with the LocalGPO tool from the command line, Logon attempts are logged. However what is bizarre is that both SecPol.msc and GPEdit.msc fail to see this setting for Audit policy. Why?
Equally bizarre, if you modify the settings for Audit Policy in SecPol.msc and GPEdit.msc, they show as modified, but as soon as you quit and restart those tools, the settings are lost and the items show up as not configured again.
So, I'm not understand the behavior at any level here, which looks quite different than other settings in the Baseline. For other settings, we are able to edit them in the Baseline, and further the local SecPol and GPEdit tools are able to change them.
Will
Turns out this question is actually fairly complicated to answer. The historical "audit policy" contains fewer options than what Windows Vista or later can express. So, for example, instead of just auditing Logon and Logoff with a single setting,
later versions of Windows are able to audit Logon and Logoff through separate settings.
The SCM baseline for 8.1 and the GPEdit both have access to a setting to affect whether Windows uses the historical audit behavior or the newer finer-category "subcategory" settings. Under local policies | security options there is a setting "Audit:
Force audit policy subcategory settings" When this is enabled, your attempts to use the historical audit settings will not change behavior on the computer, and when you quit GPEdit and restart your changes to the historical settings will simply have
disappeared.
Will
Similar Messages
-
Completely not understanding photo sync with itunes .. please help!
With my old iphones, when i plugged in the iphone, the computer would automatically make folders with photos that I took (and there'd be a folder for each date that I took photos), which was very helpful. With iphone 4, that is not happening ... How do I get that to happen? Thanks
You need to check your autoplay settings, on your machine, for iPhone 4. Also setup your "Import Settings" to automatically make folders with photos.
Message was edited by: anilsudhakaran -
Imovie video does not run on PC with quick time!!!
I have produced a video on a Mac with imovie V 9.0.8 and exported via Quicktime. I tried to view the video on a PC with quicktime 7.7.3. Unfortunately this is not possible!! A simple link to a page with a number of third party suppliers should help! I do not have time and motivation to search in the jungle of codecs and secrets to find a correct solution. I do not understand apples policy. It is the most difficult thing to make a video and find a format that can be read with current software.
What can be done?I have produced a video on a Mac with imovie V 9.0.8 and exported via Quicktime. I tried to view the video on a PC with quicktime 7.7.3. Unfortunately this is not possible!! A simple link to a page with a number of third party suppliers should help! I do not have time and motivation to search in the jungle of codecs and secrets to find a correct solution.
What codec did you use for the export? I.e., It is most likely the video codec used for your export is causing the problem as it may not be included in the basic QT codec component package. (E.g., the Apple Intermediate Codec is only available on the Mac.)
I do not understand apples policy. It is the most difficult thing to make a video and find a format that can be read with current software.
If you exported the file for playback on a PC and selected or allowed a defaulted codec not available for the PC to be used, then the problem is self-inflected. The normal export combination would be H.264/AAC in an MOV, MP4, or M4V file container. Assuming the file was properly terminated and transferred between systems, any of these files should be playable in QT on your PC (as well as other third-party players like VLC, MPEG Streamclic, etc.)
What can be done?
The best option would probably be to re-export the project to any format known to be compatible with your PC QT install. -
Domain advanced audit policy not taking effect on DC.
Hi.
I'm having a strange problem getting an advance audit policy to take effect on one of my domain controllers, we'll call it DC1. I have two DCs on this network, and both are in the same OU, however behave wildly differently with the same policy.
For example, on DC1 when I run group policy results wizard from GPMC, I can see the local policy/audit policy settings, but no settings for advanced audit configuration are shown. However, if I log into DC1 itself and look at local security policy,
it shows settings in both areas.
No matter what changes I made to either area in the domain policy nothing would change in the local security policy on the system when refreshing group policy on the DC. It was as if it were stuck somehow. If I used the auditpol /get /category:* command
it showed default audit settings, and that's it.
I figured I would try to clear them and set them manually, and so I did an auditpol /clear, and now it says No Auditing for all categories. In addition to this, I did a gpupdate /force and it still said no auditing in all cagegories after displaying them
with auditpol /get /cagories:*. On DC2 which is in the same OU, when running the group policy result wizard, it shows both advance audit, and basic auditing settings being applied.
If I look in the local security policy it shows no auditing for all basic audit settings, and all the advanced audit settings as being set. Which should be the case when Audit: force audit policy subcategory settings is set (which it is). However, unlike
DC1, instead of showing No auditing, it shows all of the advanced audit configuration settings when I type auditpol /get /categories: * at the command prompt, and it's gpresults look good. I even cleared the audit policy off of DC2, and got it to show "no
auditing" before doing a gpupdate, and all it's settings came back. Not so with DC1. DC1 seems to apply all other group policy settings without issue.Hi,
Based on your description, we can use the command auditpol/clear to remove all audit settings, find the audit.csv file existing in the GPOs in which we configured audit settings,
delete the audit.csv file, and then configure the audit setting via group policy to see if it works as expected.
The path for the audit.csv file:
%systemroot%\Sysvol\sysvol\domainname\Policies\GPOs\Machine\
Microsoft\Windows NT\Audit
In addition, regarding audit policy, the following blog can be referred to for more information.
Getting the Effective Audit Policy in Windows 7 and 2008 R2
http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Best regards,
Frank Shen -
I am not allowed to sign in with my Apple ID on iTunes Connect when I am trying to publish my book in iBooks Author. I do not understand why because I have fulfilled the first steps creating an account and informed my IRS tax number...
The recommendation is always to make another ID for use with a paid books account. And while I can't swear this is at the root of your issue, you should in any case reach out to Apple for assistance on this one, I think.
Account Applications:
[email protected]
Global Phone Support
We have expanded English-language publisher phone support. To make contacting the iBookstore support even easier, new local phone numbers are now available for Australia, France, Germany, Italy, Netherlands, Spain, and the U.K. Support is available Monday to Friday, from 7 a.m. to 5 p.m. (PT).
Country
Phone Number
Australia
1300 307 504
Note that this is a low tariff number.
France
0805 540 117
Germany
0800 664 5307
Italy
800 915 902
Netherlands
0800 0201 578
Spain
900 812 687
U.K.
0800 975 0615
U.S.
+1 (877) 206-2092
Toll-free from U.S. and Canada.
Good luck -
Haveing problems with siri not understanding me
having trouble with siri not understanding me. could there be a glitch?
I just have a problem that when I ask Siri to schedule an appointment it directs me with a internet search with the words I just said. So it understnads my words but seems to think I want to search for them rather than schedule the appointment or play the music. I try Siri every couple of weeks and the response is so bad its worthless.
-
I am not understanding this Bonjour photo sharing thing with front row.
I just finished seting up my media center with a 37 inch Olevia. WOW
Anyways, what I am not understanding is I have iphoto set up on the other two compuers as sharing photos and the MINI is set to see them. Do I have to have iPhoto RUNNING on the other two computers so that I can RETRIEVE the photos on the mini? That seems so wrong. Can I just access the other computers photos and view them on my wireless network to the mini? I thought this is what this bonjour is all about...or do I have to copy the photos to the mini for viewing?
ThanksYou are most welcome.
I understand the frustration - but when you step back and think about reliability, it makes sense to have one application to do one thing. If front row had to handle the slide show - it would be bulky and whenever a new feature was developed (or bug fixed) - the code would have to be added and tested in both iPhoto and Front Row. By keeping front row thin, simple and intuitive - it gets to market cheaper and more reliably. Isn't that really why we use Mac?
iPhoto's job is to organize pictures. A lot of sophisticated things happen to add value when you take those "pictures in a flat folder" and import them - color correction, cropping, rotation, grouping into an album, ordering of the photos, settings for the slide show - music, fade effect, ken burns/zoom, etc...
I have those applications set to launch automagically when I log in and hide themselves so I never see them until needed. They sit there idle once they load until front row tickles them in the correct manner to feed data over the network to front row...
If you really need some photos to stand alone, you can always export a slide show as a quick time movie. Front Row will play movies remotely with no application running on the other end. -
sir have this error so what can i do The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information.
It looks like the iPhone is locked to a carrier that is not the one you are trying to use.
You need to determine which carrier it is locked to and then contact them to see if they are willing to authorise the unlocking of your iPhone. As ManSinha mentioned, many carriers will only authorised the unlock if requested by the customer who had the contract with them for this iPhone.
Remember that only the carrier who owns the lock on your Iphone can authorise Apple to unlock the iPhone in their servers. You need to contact the carrier or have the previous owner of the iPhone request the unlocking. -
the SIM card that you currently have installed in this iPhone is form a carrier that is not supported under the activation policy that is currently assigned by the activation server.this is not a hardware issue with the iphon. please insert another SIM card from supported carrier or request that this iPhone be unlocked by your carrier.
Similar issue
here is the description
I have similar message but for me the Verizon guys said they unlocked it and when I actually connected to iTunes using Verizon sim card and then did the restore as new iphone then everything worked well and at the end i saw the message "Congrats, your iphone is now unlocked" and then I did the set up as new iphone for my kid.
Once new apple ID was set up, then I removed the verizon SIM and then inserted prepaid t-mobile sim card and after the phone booted up then I got the same message like above...."not supported"
What do i do now? I think the phone is unlocked right?
Also do I need to insert Verizon SIM card and do restore as NEW and this time do not set up the iphone but change the SIM card and then set up or ?
I am confused and other threads were talking that if you get congrats message then u shd be good to use other SIM cards....please help!!! -
The Sim card that you currently have installed in this iphone is from a carrier that is not supprotedunder the activation policy that is currently assigned by the activation server. this is not a hardware issue with the iphone. please insert another sim card from a supported carrier or request that this iphone be unlocked by your carrier.please contact apple for more information.
I have similar message but for me the Verizon guys said they unlocked it and when I actually connected to iTunes using Verizon sim card and then did the restore as new iphone then everything worked well and at the end i saw the message "Congrats, your iphone is now unlocked" and then I did the set up as new iphone for my kid.
Once new apple ID was set up, then I removed the verizon SIM and then inserted prepaid t-mobile sim card and after the phone booted up then I got the same message like above...."not supported"
What do i do now? I think the phone is unlocked right?
Also do I need to insert Verizon SIM card and do restore as NEW and this time do not set up the iphone but change the SIM card and then set up or ?
I am confused and other threads were talking that if you get congrats message then u shd be good to use other SIM cards....please help!!! -
Auditing with advanced audit policy
I'm looking into advanced audit policy and recommendations.
What is the difference between "advanced audit policy configuration" and "auditpol.exe?"
Once advanced audit policy is configured, where can I check the logs? Event Viewer?
Should the advanced audit policy be configured on the Default Domain Policy or a separate policy on specific OUs?Hi,
The basic security audit policy settings in Security Settings\Local Policies\Audit Policy and the advanced security audit policy settings in
Security Settings\Advanced Audit Policy Configuration\System Audit Policies appear to overlap, but they are recorded and applied differently. When you apply basic audit policy settings to the local computer using Local Security Policy, you
are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe.
There are a number of additional differences between the security audit policy settings in these two locations.
There are nine basic audit policy settings under Security Settings\Local Policies\Audit Policy and 53 settings under
Advanced Audit Policy Configuration. The settings available in
Security Settings\Advanced Audit Policy Configuration address similar issues as the basic nine settings in
Local Policies\Audit Policy but allow administrators to be more selective in the number and types of events to audit. For example, where basic audit policy provides a single setting for account logon, advanced audit policy provides four. Enabling
the single basic account logon setting would be the equivalent of setting all four advanced account logon settings. In comparison, setting a single advanced audit policy setting does not generate audit events for activities you are not interested in. In addition,
if you enable success auditing for the basic Audit account logon events setting, only success events will be logged for all account logon–related behaviors. In comparison, you can configure success auditing for one advanced account logon
setting, failure auditing for a second advanced account logon setting, Success and failure auditing for a third advanced account logon setting—or no auditing, depending on the needs of your organization.
The nine basic settings under Security Settings\Local Policies\Audit Policy were introduced in Windows 2000, and therefore are available to all versions of Windows released since then. The advanced audit policy settings were introduced in
Windows Vista and Windows Server 2008. The advanced settings can only be used on computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008.
For more information, please refer to the below link:
Advanced Security Auditing FAQ
http://technet.microsoft.com/en-us/library/ff182311(WS.10).aspx#BKMK_2
Best Regards,
Yan Li
Yan Li
TechNet Community Support -
Win7 desktops secpol and Local Sec Policy not showing auditing enabled
ok, I thought I have this licked with a solution before,
I have a Server 2008 R2 and Win7 Desktops where I have a Server 2008 GPO to Audit Events on the server and desktops, however at the desktops locally auditing is greyed out and displaying ‘no auditing’ but logs show auditing entries.
At the Server 2008 R2 SP1 64
Server
Administrative Tools
Group Policy Management
Forest
Domains
My_Network_Name.com
Default Domain Policy
Edit
Computer Configuration
Policies
Windows Settings
Security Settings
Local Policies
Audit Policy
Logon, Account, Etc all able to change Success, Fail
However at the Windows 7 desktops the Local Security Policy, Local Policies, Audit Policies, all the policies have ‘no auditing’ however the local Win7 Event Logs are auditing.
What would cause this to display ‘no auditing’ at the desktops and yet enter events locally and at the server
Thank you
B.Thanks,
The Server 2008 R2 has this:
System audit policy
Category/Subcategory Setting
System
Security System Extension No Auditing
System Integrity No Auditing
IPsec Driver No Auditing
Other System Events Success and Failure
Security State Change No Auditing
Logon/Logoff
Logon Success and Failure
Logoff Success and Failure
Account Lockout Success and Failure
IPsec Main Mode No Auditing
IPsec Quick Mode No Auditing
IPsec Extended Mode No Auditing
Special Logon No Auditing
Other Logon/Logoff Events Success and Failure
Network Policy Server No Auditing
Object Access
File System No Auditing
Registry No Auditing
Kernel Object No Auditing
SAM No Auditing
Certification Services No Auditing
Application Generated Failure
Handle Manipulation No Auditing
File Share Failure
Filtering Platform Packet Drop No Auditing
Filtering Platform Connection No Auditing
Other Object Access Events No Auditing
Detailed File Share No Auditing
Privilege Use
Sensitive Privilege Use No Auditing
Non Sensitive Privilege Use No Auditing
Other Privilege Use Events No Auditing
Detailed Tracking
Process Termination No Auditing
DPAPI Activity No Auditing
RPC Events No Auditing
Process Creation No Auditing
Policy Change
Audit Policy Change Success and Failure
Authentication Policy Change Success and Failure
Authorization Policy Change Success and Failure
MPSSVC Rule-Level Policy Change No Auditing
Filtering Platform Policy Change No Auditing
Other Policy Change Events Success and Failure
Account Management
User Account Management No Auditing
Computer Account Management No Auditing
Security Group Management No Auditing
Distribution Group Management No Auditing
Application Group Management No Auditing
Other Account Management Events No Auditing
DS Access
Directory Service Changes No Auditing
Directory Service Replication No Auditing
Detailed Directory Service Replication No Auditing
Directory Service Access No Auditing
Account Logon
Kerberos Service Ticket Operations No Auditing
Other Account Logon Events No Auditing
Kerberos Authentication Service No Auditing
Credential Validation No Auditing
The Windows 7 Desktops have this:
System audit policy
Category/Subcategory Setting
System
Security System Extension No Auditing
System Integrity No Auditing
IPsec Driver No Auditing
Other System Events Success and Failure
Security State Change No Auditing
Logon/Logoff
Logon Success and Failure
Logoff Success and Failure
Account Lockout Success and Failure
IPsec Main Mode No Auditing
IPsec Quick Mode No Auditing
IPsec Extended Mode No Auditing
Special Logon No Auditing
Other Logon/Logoff Events Success and Failure
Network Policy Server No Auditing
Object Access
File System No Auditing
Registry No Auditing
Kernel Object No Auditing
SAM No Auditing
Certification Services No Auditing
Application Generated Failure
Handle Manipulation No Auditing
File Share Failure
Filtering Platform Packet Drop No Auditing
Filtering Platform Connection No Auditing
Other Object Access Events No Auditing
Detailed File Share No Auditing
Privilege Use
Sensitive Privilege Use No Auditing
Non Sensitive Privilege Use No Auditing
Other Privilege Use Events No Auditing
Detailed Tracking
Process Termination No Auditing
DPAPI Activity No Auditing
RPC Events No Auditing
Process Creation No Auditing
Policy Change
Audit Policy Change Success and Failure
Authentication Policy Change Success and Failure
Authorization Policy Change Success and Failure
MPSSVC Rule-Level Policy Change No Auditing
Filtering Platform Policy Change No Auditing
Other Policy Change Events Success and Failure
Account Management
User Account Management No Auditing
Computer Account Management No Auditing
Security Group Management No Auditing
Distribution Group Management No Auditing
Application Group Management No Auditing
Other Account Management Events No Auditing
DS Access
Directory Service Changes No Auditing
Directory Service Replication No Auditing
Detailed Directory Service Replication No Auditing
Directory Service Access No Auditing
Account Logon
Kerberos Service Ticket Operations No Auditing
Other Account Logon Events No Auditing
Kerberos Authentication Service No Auditing
Credential Validation No Auditing -
I do not understand how to restore my iTunes library inlcuding Playlists and all? In clearing out an older Powerbook I had not signed out of MobileMe when clearing iTunes. That deleted many songs and Playlists on the iMac and iPhone. Help is appreciated.
And yes, I have a 500G external HD so I know the data is in there.
-
My 5S is starting to "scramble" my calls so you can not understand the party on the other end.
Basics from the manual are restart, reset, restore
Have you tried all of these? -
It says SIM card is from a carrier that is not supported activation policy?
after reseting my phone i am very stunned because it says that The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information.
Cant understand what to do now...Sounds like the iPhone was hacked to be unlocked. When restoring an iPhone with iTunes that was hacked to be unlocked, the hack is removed and re-locked to the carrier the iPhone was sold as carrier locked with when new.
Maybe you are looking for
-
AirPrint HP OfficeJet 6500A problem
I bought a new HP OfficeJet 6500A. Can print via AirPrint the very first day. Then, subsequently, can't no matter what I did or how I reset the config both the in iPad or HP printer. Downloaded the latest firmware in HP and later iOS in my iPad. What
-
Photoshop CC 2014 startup crash
Hi everyone. Never experienced this before so I'm at a loss. I've tried reinstalling and restarting etc. but it doesn't want to open. On opening, I get the question: "The last time you opened Photoshop, it unexpectedly quit while reopening windows. D
-
Lookup using RFC & JCO.
Hi All, We are develloping Lookup logic using custom java code. Our Xi server is at SP12.The code is working fine in java IDE. But when I imported classes into Repository & tested its rebooting services of XI j2ee engine & I am getting message dispat
-
IPhoto 06 crashes while trying to upgrade library
I get the following error every time - I have 1 gig of RAM on a PB 1.67 MHz. Jan 13 14:24:37 bullwinkle diskarbitrationd[46]: iPhoto [334]:22075 not responding. iPhoto(334,0xa000ed68) malloc: * vm_allocate(size=8421376) failed (error code=3) iPhoto(3
-
ColdFusion Builder 3 RDS and Remove Server settings reset on each restart
I have CF Builder 3 Trial installed as standalone application. Every time I restart CF Builder, the RDS mapping settings for the remote server I have are gone and also the remote ColdFusion server I set up is gone and I need to recreate it. Is there