No account logon nor NPS events in security log on domain controller

Hi,

We have a 2k8R2 domain controller with the NPS service on it. Due to frequent blocking of one of the accounts, I would like to set up logging on the DC to determine which station causes the multiple user logins.

The Default Domain Controllers Policy looks OK:
[Screenshot: Default Domain Controllers Policy]

But there are no events in the security log on the DC (there is only one DC in this environment).

This is the "Default Domain Policy":
[Screenshot: Default Domain Policy]

I also discovered that there are no events for Network Policy Server - it is installed on the DC and works as NAP.

September 8th, 2015 9:28am

After the change, did you restart the DC?
September 9th, 2015 1:17am

Yes, the DC was rebooted.

September 10th, 2015 9:38am

Try to run this command from an elevated prompt on NPS to see your current audit policy settings:

auditpol /get /category:*

If it shows No auditing, you can run the auditpol /set command to enable it.

https://technet.microsoft.com/en-us/library/cc772576.aspx?f=255&MSPPError=-2147217396

September 14th, 2015 1:13am
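
The check suggested in the reply above, as an added example that is not part of the original thread: it reads the effective audit policy with `auditpol /get /category:* /r` (CSV output) and reports the subcategories that record failed logons, lockouts and NPS decisions. It assumes English subcategory names; the `-Enable` switch is a hypothetical parameter of this script.

```powershell
# Added example (not from the thread). Run elevated on the DC that hosts NPS.
# Assumption: English subcategory names; auditpol localizes them on other UI languages.
param([switch]$Enable)   # hypothetical switch: without it the script only reports

# Subcategories that show where failed logons and lockouts come from
$wanted = @(
    'Credential Validation',            # NTLM validation on the DC (event 4776)
    'Kerberos Authentication Service',  # Kerberos pre-authentication failures (4771)
    'User Account Management',          # account locked out (4740)
    'Account Lockout',
    'Logon',                            # failed logons (4625)
    'Network Policy Server'             # NPS access granted/denied (6272, 6273)
)

# /r prints the effective policy as CSV, one row per subcategory
$csv = auditpol /get /category:* /r
if ($LASTEXITCODE -ne 0) {
    throw "auditpol failed (exit code $LASTEXITCODE); is the prompt elevated?"
}
$policy = $csv | Where-Object { $_.Trim() } | ConvertFrom-Csv

foreach ($name in $wanted) {
    $row = $policy | Where-Object { $_.Subcategory -eq $name }
    if (-not $row) {
        Write-Warning "Subcategory '$name' not found in auditpol output"
        continue
    }
    $setting = $row.'Inclusion Setting'   # e.g. "No Auditing", "Success and Failure"
    "{0,-34} {1}" -f $name, $setting

    if ($Enable -and $setting -ne 'Success and Failure') {
        # Address the subcategory by the GUID auditpol reported, not by its localized name
        $guid = $row.'Subcategory GUID'
        auditpol /set "/subcategory:$guid" /success:enable /failure:enable | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not enable '$name'" }
    }
}
```

Settings made with `auditpol /set` are local to the machine and can be replaced at the next Group Policy refresh if a GPO defines the same subcategories.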

This topic is archived. No further replies will be accepted.
