Default Domain Policy vs Default Domain Controller Policy

Discussion in 'MCSE' started by Tyler Cobb, Sep 29, 2005.

  1. Tyler Cobb (Guest)

    I'm reading along in the 70-290 book and there's an exercise that tells me
    to enable the Audit Accounts Logon Events and the Audit Logon Events
    policies in the Default Domain Controller Policy area. After that, they
    wanted me to try to log in with the wrong password on an account and then to
    come back on as Administrator and check out the Security Log in Event
    Viewer. I did all this but I noticed that it does not record any invalid
    logon attempts. It did, however, show the successful ones. I have verified
    that the policies are configured to audit both successes and failures.

    Out of curiosity, I went into the Default Domain Policy and enabled the
    same audit policies in there. When I viewed the Security Logs, I could see
    invalid logon attempts. Could the book be wrong or is there something I'm
    not understanding in a real scenario? I just have one computer setup with
    Windows Server 2003 for lab exercises. I was trying to generate invalid
    logins from the console. It's not networked to anything at the moment. Would
    it have worked if it were not a PDC on a one-computer network? Would it have
    been different if I tried to logon from a workstation?

    That brings me to another question if anyone has the time. I noticed that
    there seems to be an excessive pause when making some choices in Active
    Directory. I'm assuming the computer is trying to talk to something on the
    network that isn't there and timing out. Any idea what would be causing

    Tyler Cobb, Sep 29, 2005
  2. lowdes (Guest)

    If this is showing the successful ones, are you sure you just didn't check
    success and not check the failure box?
    lowdes, Sep 29, 2005
  3. Kurt (Guest)

    Or, if there's more than one DC, did you set auditing and check the viewer on
    the others?

    Kurt, Sep 30, 2005
  4. Tyler Cobb (Guest)

    Yes, as previously mentioned in the original post, I double-checked myself.
    It's showing domain successes but not workstation success/failures. Thanks,
    Tyler Cobb, Oct 1, 2005
  5. Tyler Cobb (Guest)

    As I noted in the original post, the lab is simply one PDC. No other
    computers are involved or even available. But, thank you for your time.
    Tyler Cobb, Oct 1, 2005
  6. Steven L Umbach

    You need to make sure that auditing of "account logon" events is enabled
    for both success and failure in Domain Controller Security Policy. It sounds
    like it was set to undefined for at least failure if enabling it in Domain
    Security Policy got it to work. You will find the Resultant Set of Policy
    MMC snap-in on the domain controller in logging mode helpful to find out what
    Group Policy settings are applied to the computer, and it should show the GPO
    that is applying a particular setting. It would make no difference if you
    were logging on from a domain workstation, as all domain user accounts are
    authenticated by a domain controller and a logon failure to the domain
    should generate a failed "account logon" event in the security log of the
    domain controller used for authentication.

    Since you seem to be experiencing problems and time lags, I would verify
    that DNS is correct in that your only domain controller points ONLY to
    itself as its preferred DNS server by its static IP address as shown via
    ipconfig /all. Then check the system, application, etc. logs for anything
    that may be related and run the support tools netdiag, dcdiag, and gpotool
    on your domain controller to see if a problem is found. The support tools
    are on the install disk in the support/tools folder, where you need to run
    the setup program there.
    Steven L Umbach, Oct 1, 2005
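    One way to confirm which audit categories are actually in effect on the domain controller, as an added example that is not from the thread or any poster: the script below decodes the [Event Audit] section of a `secedit /export /cfg <file>` dump (secedit stores each category as a bitmask, 1 = success, 2 = failure, 3 = both, 0 = none) and flags categories that would not record failed logons. The sample dump embedded in it is constructed to reproduce the success-only mistake lowdes suspected.

```python
"""Decode the [Event Audit] section of a secedit export and report categories
that do not audit failures. Added example; SAMPLE_INF below is constructed."""
import re

# secedit encodes each audit category as a bitmask of these two flags.
SUCCESS, FAILURE = 1, 2

# Constructed sample in the shape of `secedit /export /cfg out.inf` output:
# account logon and logon events audit successes only, which matches the
# symptom in the thread (successful logons logged, failed ones missing).
SAMPLE_INF = """[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditPolicyChange = 1
AuditAccountManage = 3
AuditAccountLogon = 1
[Version]
signature="$CHICAGO$"
"""

def parse_event_audit(inf_text):
    """Return {category: bitmask} for every key in the [Event Audit] section."""
    section, result = None, {}
    for line in inf_text.splitlines():
        line = line.strip()
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1)          # track which INF section we are in
            continue
        if section == "Event Audit" and "=" in line:
            key, _, value = line.partition("=")
            result[key.strip()] = int(value.strip())
    return result

def describe(mask):
    """Human-readable form of a secedit audit bitmask."""
    names = [n for bit, n in ((SUCCESS, "Success"), (FAILURE, "Failure")) if mask & bit]
    return ", ".join(names) or "No auditing"

def missing_failure_audit(audit, categories=("AuditAccountLogon", "AuditLogonEvents")):
    """Categories (default: the two the 70-290 exercise enables) lacking failure auditing."""
    return [c for c in categories if not audit.get(c, 0) & FAILURE]

if __name__ == "__main__":
    audit = parse_event_audit(SAMPLE_INF)
    for category, mask in audit.items():
        print(f"{category:<22} {describe(mask)}")
    print("Missing failure auditing:", missing_failure_audit(audit))
```

    A real export is written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_event_audit`.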
  7. Tyler Cobb (Guest)

    Yeah, I had verified that it was not undefined or obviously
    misconfigured prior to writing my original post. Very strange, I know.
    I'm still at a loss for that one. However, the DNS issue was something
    that I needed to look at. Windows Server 2003 had installed DNS services
    by default and I had just never got around to configuring them. Not that
    there is really anything to configure DNS for as I am just on a single
    PDC that isn't on a network, nor has there been a chapter about how to
    configure DNS during my studies so far. I glanced over the DNS
    configuration and, luckily for me, it turned out to be pretty
    self-explanatory. Once I set up DNS, the annoying pauses between Active
    Directory operations vanished. Thanks for the suggestion! You were right.
    Tyler Cobb, Oct 19, 2005
