Server 2019 - Advanced Auditing

Anonymous
2024-08-29T15:01:03+00:00

Server 2019

We are attempting to get advanced auditing working on the server so we can use Defender for Identity, and we are running into problems.

Get-MDIConfiguration on the domain shows that it is set.

Get-MDIConfiguration on localmachine shows that it is not set. When we manually set it, it eventually goes back to false.

auditpol.exe shows that the settings are all set.

FYI, I keep adding screens but the question gets auto removed. So if there is anything you need to provide assistance, please let me know.

Windows Server Identity and access

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2024-08-30T06:58:06+00:00

    Hi Joe Stef,

    Thank you for posting in the Microsoft Community Forums.

    Here are a few steps to help you troubleshoot and resolve the issue:

    Confirm the Defender for Identity service status:

    Make sure that the Defender for Identity service is running. You can check this in the Services Manager (services.msc).

    Check the group policy settings:

    Although you mentioned that auditpol.exe shows that the settings are correct, it is recommended to double-check if there are any Group Policies that may override or modify these settings. You can use the Group Policy Editor (gpedit.msc) to view the relevant audit policy settings.

    Check the Defender for Identity logs:

    Check Defender for Identity's log files to see if there are any error or warning messages that can help you diagnose the problem. These logs are usually located in the Logs folder in the Defender for Identity installation directory.

    Check the registry settings:

    In some cases, Defender for Identity may manage its configuration through the registry. Check if any registry entries have been incorrectly set or modified. Note, however, that it is risky to modify the registry directly, so make sure you have an adequate backup.

    Reinstall or update Defender for Identity:

    If the problem persists, consider reinstalling or updating Defender for Identity to the latest version. Sometimes, bugs or compatibility issues in the software itself can cause such problems.

    Check firewalls and security software:

    Ensure that no firewalls or security software are preventing Defender for Identity from functioning properly.

    Verify domain controller configuration:

    If you are using domain controllers in your environment, make sure that they are also configured with the correct auditing policies and that Defender for Identity has access to those domain controllers.

    Check permissions and accounts:

    Ensure that the account running the Defender for Identity service has sufficient permissions to access and modify the necessary configurations.

    Check the Event Viewer:

    View errors and warnings related to security, auditing, and Defender for Identity in the Windows Event Viewer.

    Best regards

    Neuvi

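One way to carry out the "Check the group policy settings" step from the answer above, as an added example that is not part of the original thread: parse the effective `auditpol` output, flag subcategories that are not set to Success and Failure, and list the Group Policy objects applied to the computer. The function name `Test-AuditSubcategory` is hypothetical, the subcategory list is an assumption based on Microsoft's published Defender for Identity auditing guidance, the sample rows are constructed, and English `auditpol` output is assumed.

```powershell
# Added example, not from the thread. The subcategory list is an assumption taken
# from Microsoft's Defender for Identity auditing guidance; adjust to your baseline.
$Required = 'Credential Validation', 'Computer Account Management',
            'Distribution Group Management', 'Security Group Management',
            'User Account Management', 'Directory Service Access',
            'Directory Service Changes', 'Security System Extension'

function Test-AuditSubcategory {
    # Parses "auditpol /get /category:* /r" CSV lines and reports the effective
    # setting of each required subcategory. Assumes English auditpol output.
    param(
        [Parameter(Mandatory)][string[]]$CsvLine,
        [string[]]$Subcategory = $Required
    )
    $rows = $CsvLine | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Subcategory) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        [pscustomobject]@{
            Subcategory = $name
            Setting     = $setting
            Compliant   = ($setting -eq 'Success and Failure')
        }
    }
}

# Constructed sample output (GUIDs are placeholders) so the parser can be tried offline.
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'DC01,System,Credential Validation,{GUID-PLACEHOLDER},Success and Failure,'
    'DC01,System,Directory Service Changes,{GUID-PLACEHOLDER},Success,'
    'DC01,System,Security System Extension,{GUID-PLACEHOLDER},No Auditing,'
)
Test-AuditSubcategory -CsvLine $sample | Format-Table -AutoSize

# Live check on the server itself (run from an elevated prompt).
if ($env:OS -eq 'Windows_NT') {
    $live = auditpol.exe /get /category:* /r
    Test-AuditSubcategory -CsvLine $live | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
    # 1 = advanced subcategory settings take precedence over legacy category settings.
    (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue).SCENoApplyLegacyAuditPolicy
    # GPOs applied to this computer; a value that reverts after being set by hand
    # is commonly re-applied by one of these at the next policy refresh.
    gpresult.exe /scope computer /r
}
```

Running the live section again after a `gpupdate /force` shows whether a policy refresh is what resets the local values.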