Challenges with Audit Policy Configuration in Active Directory

Dipto Adhikary 20 Reputation points
2023-10-13T17:26:35.9866667+00:00

I configured a GPO for Basic Audit Policy on the "Default Domain Policy" within my Active Directory (production environment). Initially, the configuration was successful, and the policy was visible on client machines. Subsequently, I configured a similar GPO for Advanced Audit Policy on the "Default Domain Policy." However, I encountered a situation where both Audit Policies ceased functioning on client machines, even though other policies remained operational.

To address this issue, I decided to replicate the problem in a controlled lab environment, configuring the GPO as in the production environment. Unfortunately, I encountered the same results. Even after editing the GPO to disable all settings for the Advanced Audit Policy and forcefully updating the GPO, the Audit Policy continued to not function in the lab.

In an attempt to isolate the issue, I disabled all settings for both Basic and Advanced Audit Policies. I then created a new GPO exclusively for the Basic Audit Policy, applied and enforced it at the domain level in my lab environment. Strangely, the Basic Audit Policy was still not functioning. As a troubleshooting step, I unlinked the "Default Domain Policy" and forcefully updated the GPO, which finally resulted in the policy functioning as expected. I performed a similar test in which I reverted to the "Default Domain Policy" and reconfigured the Basic Audit Policy, which also resolved the issue.

However, from a production environment perspective, unlinking and reverting the "Default Domain Policy" is not a viable option. What steps can I take to address and resolve this issue?

Furthermore, if I were to revert back to the "Default Domain Policy," what challenges and considerations should I be aware of?

Windows Server 2019, Windows, Windows Server, Active Directory