Domain Controller Group Policy has Red "x" on audit policy settings

R, Jeremy 6 Reputation points
2021-03-01T13:56:34.217+00:00

I have auditing for Logon events enabled on my Domain Controller Group policy. But, when I run RSOP.msc I see red "X"s on all the audit policies. If I look at properties on the logon event, then look as the precedence tab, I see this error "The policy engine did not attempt to configure the setting. For more information, see %windir%\security\logs\winlogon.log on the target machine." I looked at this directory on the DC, but it doesn't exist. There are no logon events being logged by the DCs either. How can I troubleshoot this issue? Thanks! ![73027-image.png][1] [1]: /api/attachments/73027-image.png?platform=QnA

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2021-03-02T00:15:58.74+00:00

    Hi,
    This issue occurs if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled in Windows Vista or in Windows Server 2008. The policy setting can be enabled by using Group Policy or it can be enabled manually by modifying the registry.

    To resolve this issue, use one of the following methods, as appropriate for your situation.
    73068-321.jpg
    For more information , you can refer to :
    https://learn.microsoft.com/en-US/troubleshoot/windows-server/windows-security/security-auditing-settings-not-applied-when-deploy-domain-based-policy
    Similar case for your reference:
    https://social.technet.microsoft.com/Forums/lync/en-US/fde42cfc-bb74-4e11-8b60-c1a3cb5d80ed/rsop-the-policy-engine-did-not-attempt-to-configure-the-setting?forum=winserverGP


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.