Auditpol and Gpedit.msc policy values are mismatching

Siba 0 Reputation points
2024-03-13T15:41:21.34+00:00

I tested the below scenario on my machine,

  1. Opened gpedit.msc
  2. Navigated to "Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Credential Validation"
  3. It showed "Not Configured"
  4. Executed "auditpol /set /subcategory:"credential validation", /failure:disable /success:enable"
  5. auditpol /get /subcategory:"credential validation" and got the output below.

C:\Users\Administrator>auditpol /get /subcategory:"credential validation"

System audit policy

Category/Subcategory                      Setting

Account Logon   

    Credential Validation                   Success and Failure 
```6. But still the gpedit.msc shows not configured.

 7. Then when I execute gpupdate or restart my machine. 

8. I executed "auditpol /get /subcategory:"credential validation" and then got the below output. 

C:\Users\Administrator>auditpol /get /subcategory:"credential validation" 

System audit policy                            

Category/Subcategory                       Setting

Account Logon  

```dockerfile
 Credential Validation                   No Auditing 
```When we restart or execute gpupdate, Whatever displayed on the gpedit.msc is set to the Audit credential validation policy.

Is there any solution to update the gpedit.msc using command. Or is there any work around for this.
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,457 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daisy Zhou 18,701 Reputation points Microsoft Vendor
    2024-03-14T02:46:05.05+00:00

    Hello Siba,

    Thank you for posting in Q&A forum.

    Did you set gpedit.msc on one domain member server or Domain Controller or one domain client machine?

    There are two locations we can configure the audit policies:

    Security Settings\Local Policies\Audit Policy

    Security Settings\Advanced Audit Policy Configuration\System Audit Policies

    Once we used the Advanced audit policy in the system, the legacy audit policy will not be used by this system.

    Generally, we can check if the GPOs are applied via the gpresult /h. But it is not suitable and accurate to check the audit policies. We check the audit policies applying result via the auditpol command:

    auditpol /get /category:* >c:\filename.txt

    If this command results in any audit policies, the advanced audit policy settings are configured.

    Please check if you have configured Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Credential Validation=> Success=enabled via Domain GPO and apply it to the same machine.

    If no any domain GPO with such setting applies to this machine, it will apply the default setting within Default Domain Policy below.

    Default values on Client editions:

    Credential Validation: No Auditing

    Default values on Server editions:

    Credential Validation: Success
    User's image

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments