Default Domain Policy vs Default Domain Controller Policy

Discussion in 'MCSE' started by Tyler Cobb, Sep 29, 2005.

  1. Tyler Cobb

    Tyler Cobb Guest

    I'm reading along in the 70-290 book and there's an exercise that tells me
    to enable the Audit Accounts Logon Events and the Audit Logon Events
    policies in the Default Domain Controller Policy area. After that, they
    wanted me to try to log in with the wrong password on an account and then to
    come back on as Administrator and check out the Security Log in Event
    Viewer. I did all this but I noticed that it does not record any invalid
    logon attempts. It did, however, show the successful ones. I have verified
    that the policies are configured to audit both successes and failures.

    Out of curiosity, I went into the Default Domain Policy and enabled the
    same audit policies in there. When I viewed the Security Logs, I could see
    invalid logon attempts. Could the book be wrong or is there something I'm
    not understanding in a real scenario? I just have one computer set up with
    Windows Server 2003 for lab exercises. I was trying to generate invalid
    logins from the console. It's not networked to anything at the moment. Would
    it have worked if it were not a PDC on a one-computer network? Would it have
    been different if I tried to logon from a workstation?

    That brings me to another question if anyone has the time. I noticed that
    there seems to be an excessive pause when making some choices in Active
    Directory. I'm assuming the computer is trying to talk to something on the
    network that isn't there and timing out. Any idea what would be causing
    this?

    Thanks!
     
    Tyler Cobb, Sep 29, 2005
    #1

  2. lowdes

    lowdes Guest

    "Tyler Cobb" <> wrote in message
    news:C2X_e.4645$...
    > I'm reading along in the 70-290 book and there's an exercise that tells me
    > to enable the Audit Accounts Logon Events and the Audit Logon Events
    > policies in the Default Domain Controller Policy area. After that, they
    > wanted me to try to log in with the wrong password on an account and then
    > to
    > come back on as Administrator and check out the Security Log in Event
    > Viewer. I did all this but I noticed that it does not record any invalid
    > logon attempts. It did, however, show the successful ones. I have verified
    > that the policies are configured to audit both successes and failures.


    If this is showing the successful ones, are you sure you just didn't check
    success and not check the failure box?



    >
    > Out of curiosity, I went into the Default Domain Policy and enabled the
    > same audit policies in there. When I viewed the Security Logs, I could see
    > invalid logon attempts. Could the book be wrong or is there something I'm
    > not understanding in a real scenario? I just have one computer set up with
    > Windows Server 2003 for lab exercises. I was trying to generate invalid
    > logins from the console. It's not networked to anything at the moment.
    > Would
    > it have worked if it were not a PDC on a one-computer network? Would it
    > have
    > been different if I tried to logon from a workstation?
    >
    > That brings me to another question if anyone has the time. I noticed that
    > there seems to be an excessive pause when making some choices in Active
    > Directory. I'm assuming the computer is trying to talk to something on the
    > network that isn't there and timing out. Any idea what would be causing
    > this?
    >
    > Thanks!
    >
     
    lowdes, Sep 29, 2005
    #2

  3. Kurt

    Kurt Guest

    Or, if there's more than one DC, did you set auditing and check the viewer on
    the others?

    .....kurt

    "lowdes" <> wrote in message
    news:gKY_e.101541$-kc.rr.com...
    >
    > "Tyler Cobb" <> wrote in message
    > news:C2X_e.4645$...
    >> I'm reading along in the 70-290 book and there's an exercise that tells
    >> me
    >> to enable the Audit Accounts Logon Events and the Audit Logon Events
    >> policies in the Default Domain Controller Policy area. After that, they
    >> wanted me to try to log in with the wrong password on an account and then
    >> to
    >> come back on as Administrator and check out the Security Log in Event
    >> Viewer. I did all this but I noticed that it does not record any invalid
    >> logon attempts. It did, however, show the successful ones. I have
    >> verified
    >> that the policies are configured to audit both successes and failures.

    >
    > If this is showing the successful ones, are you sure you just didn't check
    > success and not check the failure box?
    >
    >
    >
    >>
    >> Out of curiosity, I went into the Default Domain Policy and enabled the
    >> same audit policies in there. When I viewed the Security Logs, I could
    >> see
    >> invalid logon attempts. Could the book be wrong or is there something I'm
    >> not understanding in a real scenario? I just have one computer set up with
    >> Windows Server 2003 for lab exercises. I was trying to generate invalid
    >> logins from the console. It's not networked to anything at the moment.
    >> Would
    >> it have worked if it were not a PDC on a one-computer network? Would it
    >> have
    >> been different if I tried to logon from a workstation?
    >>
    >> That brings me to another question if anyone has the time. I noticed that
    >> there seems to be an excessive pause when making some choices in Active
    >> Directory. I'm assuming the computer is trying to talk to something on
    >> the
    >> network that isn't there and timing out. Any idea what would be causing
    >> this?
    >>
    >> Thanks!
    >>

    >
    >
     
    Kurt, Sep 30, 2005
    #3
  4. Tyler Cobb

    Tyler Cobb Guest

    "lowdes" <> wrote in message
    news:gKY_e.101541$-kc.rr.com...
    > If this is showing the successful ones, are you sure you just didn't check
    > success and not check the failure box?


    Yes, as previously mentioned in the original post, I double-checked myself.
    It's showing domain successes but not workstation success/failures. Thanks,
    though.
     
    Tyler Cobb, Oct 1, 2005
    #4
  5. Tyler Cobb

    Tyler Cobb Guest

    "Kurt" <> wrote in message
    news:...
    > Or, if there's more than one DC, did you set auditing and check the viewer
    > on the others?
    >
    > ....kurt


    As I noted in the original post, the lab is simply one PDC. No other
    computers are involved or even available. But, thank you for your time.
     
    Tyler Cobb, Oct 1, 2005
    #5
  6. Steven L Umbach

    Steven L Umbach Guest

    You need to make sure that auditing of "account logon" events is enabled
    for both success and failure in Domain Controller Security Policy. It sounds
    like it was set to undefined for at least failure if enabling it in Domain
    Security Policy got it to work. You will find the Resultant Set of Policy
    MMC snap-in on the domain controller in logging mode helpful to find out what
    Group Policy settings are applied to the computer and it should show the GPO
    that is applying a particular setting. It would make no difference if you
    were logging on from a domain workstation as all domain user accounts are
    authenticated by a domain controller and a logon failure to the domain
    should generate a failed "account logon" event in the security log of the
    domain controller used for authentication. Since you seem to be experiencing
    problems and time lags I would verify that DNS is correct in that your only
    domain controller points ONLY to itself as its preferred DNS server by its
    static IP address as shown via ipconfig /all. Then check the system,
    application, etc, logs for anything that may be related and run the support
    tools netdiag, dcdiag, and gpotool on your domain controller to see if a
    problem is found. The support tools are on the install disk in the
    support/tools folder where you need to run the setup program there. ---
    Steve


    "Tyler Cobb" <> wrote in message
    news:C2X_e.4645$...
    > I'm reading along in the 70-290 book and there's an exercise that tells me
    > to enable the Audit Accounts Logon Events and the Audit Logon Events
    > policies in the Default Domain Controller Policy area. After that, they
    > wanted me to try to log in with the wrong password on an account and then
    > to
    > come back on as Administrator and check out the Security Log in Event
    > Viewer. I did all this but I noticed that it does not record any invalid
    > logon attempts. It did, however, show the successful ones. I have verified
    > that the policies are configured to audit both successes and failures.
    >
    > Out of curiosity, I went into the Default Domain Policy and enabled the
    > same audit policies in there. When I viewed the Security Logs, I could see
    > invalid logon attempts. Could the book be wrong or is there something I'm
    > not understanding in a real scenario? I just have one computer set up with
    > Windows Server 2003 for lab exercises. I was trying to generate invalid
    > logins from the console. It's not networked to anything at the moment.
    > Would
    > it have worked if it were not a PDC on a one-computer network? Would it
    > have
    > been different if I tried to logon from a workstation?
    >
    > That brings me to another question if anyone has the time. I noticed that
    > there seems to be an excessive pause when making some choices in Active
    > Directory. I'm assuming the computer is trying to talk to something on the
    > network that isn't there and timing out. Any idea what would be causing
    > this?
    >
    > Thanks!
    >
     
    Steven L Umbach, Oct 1, 2005
    #6
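The checks Steve's reply asks for, gathered into one script. This is an added example, not something posted in the thread, and it assumes a domain controller running Windows Server 2012 R2 or later, where `auditpol /get /r`, the NetTCPIP and DnsClient cmdlets and the four-digit Security event IDs (4771, 4776, 4625) exist; the Windows Server 2003 lab machine in the thread had RSoP, `ipconfig /all` and the older three-digit IDs (529, 675, 680) instead, so the script illustrates the same three checks rather than reproducing Steve's steps verbatim.

```powershell
# Added example (not from the thread): on a domain controller, check the things Steve's
# reply asks Tyler to verify. Assumes Windows Server 2012 R2 or later (auditpol /r, the
# NetTCPIP and DnsClient modules, 4xxx Security event IDs); the Windows Server 2003 lab
# box in the thread used RSoP, ipconfig /all and three-digit event IDs instead.
#Requires -RunAsAdministrator

# 1. Effective audit policy for the two categories the exercise enables. "Account Logon"
#    is the DC validating domain credentials (what a bad password typed at a workstation
#    produces on the DC); "Logon/Logoff" is a session being opened on this machine itself.
function Get-EffectiveLogonAuditing {
    # --% hands the rest of the line to auditpol untouched, so the quoted, comma-separated
    # category list is not split into separate arguments by PowerShell.
    $rows = auditpol --% /get /category:"Account Logon","Logon/Logoff" /r
    $rows | Where-Object { $_ -ne '' } | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            Subcategory = $_.Subcategory
            Setting     = $_.'Inclusion Setting'
            # Both boxes ticked is what the 70-290 exercise (and lowdes) asked to confirm.
            Ok          = ($_.'Inclusion Setting' -eq 'Success and Failure')
        }
    }
}

# 2. Steve's DNS rule for a single-DC lab: the DC's preferred DNS server must be its own
#    static IPv4 address and nothing else (not a router, not an ISP resolver, not loopback).
function Test-DcDnsPointsToSelf {
    $static  = @((Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual).IPAddress)
    $dns     = @((Get-DnsClientServerAddress -AddressFamily IPv4 |
                  Where-Object { $_.ServerAddresses }).ServerAddresses)
    $foreign = @($dns | Where-Object { $_ -notin $static })
    [pscustomobject]@{
        StaticAddresses = $static -join ', '
        DnsServers      = $dns -join ', '
        Ok              = ($dns.Count -gt 0 -and $foreign.Count -eq 0)
    }
}

# 3. The failed "account logon" events Tyler expected to see. 4771 (Kerberos pre-auth
#    failed) and 4776 (NTLM credential validation) are the DC-side events a wrong domain
#    password creates; 4625 is the local "Logon" failure for a session on this machine.
#    Filtering on the Audit Failure keyword drops the successful 4776 entries that share
#    the event ID with the failures.
function Get-RecentFailedLogons {
    param([int]$Hours = 24)
    $auditFailure = 0x10000000000000   # Keywords bit for Audit Failure
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4771, 4776, 4625
        Keywords  = $auditFailure
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

# Run the three checks; any row with Ok = False is where to look first.
Get-EffectiveLogonAuditing       | Format-Table -AutoSize
Test-DcDnsPointsToSelf           | Format-List
Get-RecentFailedLogons -Hours 24 | Format-Table -AutoSize
```

The first function answers the question lowdes and Kurt raised (is failure auditing really effective on this DC, whichever GPO supplies it), the second is the DNS self-pointing rule that turned out to cure Tyler's Active Directory pauses, and the third shows where a bad domain password typed at a workstation actually lands: in the DC's Account Logon events, not in the Logon events of the workstation.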
  7. Tyler Cobb

    Tyler Cobb Guest

    In article <ecKO#>, n9rou@nospam-comcast.net says...
    > You need to make sure that auditing of "account logon" events is enabled
    > for both success and failure in Domain Controller Security Policy. It sounds
    > like it was set to undefined for at least failure if enabling it in Domain
    > Security Policy got it to work. You will find the Resultant Set of Policy
    > MMC snap-in on the domain controller in logging mode helpful to find out what
    > Group Policy settings are applied to the computer and it should show the GPO
    > that is applying a particular setting. It would make no difference if you
    > were logging on from a domain workstation as all domain user accounts are
    > authenticated by a domain controller and a logon failure to the domain
    > should generate a failed "account logon" event in the security log of the
    > domain controller used for authentication. Since you seem to be experiencing
    > problems and time lags I would verify that DNS is correct in that your only
    > domain controller points ONLY to itself as its preferred DNS server by its
    > static IP address as shown via ipconfig /all. Then check the system,
    > application, etc, logs for anything that may be related and run the support
    > tools netdiag, dcdiag, and gpotool on your domain controller to see if a
    > problem is found. The support tools are on the install disk in the
    > support/tools folder where you need to run the setup program there. ---
    > Steve


    Yeah, I had verified that it was not undefined or obviously
    misconfigured prior to writing my original post. Very strange, I know.
    I'm still at a loss for that one. However, the DNS issue was something
    that I needed to look at. Windows Server 2003 had installed DNS services
    by default and I had just never got around to configuring them. Not that
    there is really anything to configure DNS for as I am just on a single
    PDC that isn't on a network, nor has there been a chapter about how to
    configure DNS during my studies so far. I glanced over the DNS
    configuration and, luckily for me, it turned out to be pretty
    self-explanatory. Once I set up DNS the annoying pauses between Active
    Directory operations vanished. Thanks for the suggestion! You were right
    on!
     
    Tyler Cobb, Oct 19, 2005
    #7
