Default Domain Policy vs. Default Domain Controller Policy

Discussion in 'MCSA' started by Tyler Cobb, Sep 28, 2005.

  1. Tyler Cobb

    Tyler Cobb Guest

    I'm reading along in the 70-290 book and there's an exercise that tells me
    to enable the Audit Accounts Logon Events and the Audit Logon Events
    policies in the Default Domain Controller Policy area. After that, they
    wanted me to try to log in with the wrong password on an account and then to
    come back on as Administrator and check out the Security Log in Event
    Viewer. I did all this but I noticed that it does not record any invalid
    logon attempts. It did, however, show the successful ones. I have verified
    that the policies are configured to audit both successes and failures.

    Out of curiousity, I went into the Default Domain Policy and enabled the
    same audit policies in there. When I viewed the Security Logs, I could see
    invalid logon attempts. Could the book be wrong or is there something I'm
    not understanding in a real scenario? I just have one computer setup with
    Windows Server 2003 for lab exercises. I was trying to generate invalid
    logins from the console. It's not networked to anything at the moment. Would
    it have worked if it were not a PDC on a one-computer network? Would it have
    been different if I tried to logon from a workstation?

    That brings me to another question if anyone has the time. I noticed that
    there seems to be an excessive pause when making some choices in Active
    Directory. I'm assuming the computer is trying to talk to something on the
    network that isn't there and timing out. Any idea what would be causing

    Tyler Cobb, Sep 28, 2005
    1. Advertisements

  2. Tyler Cobb

    dawnad Guest

    I've not tried that excercise but one thing i do know is that group policies
    take a configurable amount of time to take effect. pherhaps using the command
    "gpupdate" which forces the policy to update immediately will help you.
    dawnad, Oct 9, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.