Hi, We have almost all our Windows servers versions are 2008 R2. All DCs are Windows 2008 R2 Enterprise edition. We found that in all our Windows 2008 R2 servers security events are not continuously getting updated. There are frequent breaks of 8 hours or 17 hours alike. This is not the same with Application events and System events. They are up-to-date. Has anybody faced his kind of situation in any of your environment? Please help with your suggestions. Rgds, Guru.

One setting we have found which needs to be updated is Generate security audits settings which should have NT AUTHORITY\LOCAL SERVICE and NT A UTHORITY\NETWORK SERVICE accounts permitted. We are planning for this setting through Group Policy and observe.

No. Still not working with the above settings applied. Could anybody help us with this? Rgds, Guru.

Advanced audit policy should be used for Windows 2008 auditing. If Windows 2003 also exist in the environment, then basic audit policy should also be enabled if auditing is required for Windows 2003. When basic audit policy and advanced audit policy both are enabled in the environment then override policy should be set for advanced policy to override basic audit policy for Windows 2008 auditing. This started working for us.

Thank you for sharing your experience with us.