Domain Controller Group Policy has Red "x" on audit policy settings

R, Jeremy 1 Reputation point

I have auditing for Logon events enabled on my Domain Controller Group policy. But, when I run RSOP.msc I see red "X"s on all the audit policies. If I look at properties on the logon event, then look as the precedence tab, I see this error "The policy engine did not attempt to configure the setting. For more information, see %windir%\security\logs\winlogon.log on the target machine." I looked at this directory on the DC, but it doesn't exist. There are no logon events being logged by the DCs either. How can I troubleshoot this issue? Thanks! ![73027-image.png][1] [1]: /api/attachments/73027-image.png?platform=QnA

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,940 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,067 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Fan Fan 15,306 Reputation points Microsoft Vendor

    This issue occurs if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled in Windows Vista or in Windows Server 2008. The policy setting can be enabled by using Group Policy or it can be enabled manually by modifying the registry.

    To resolve this issue, use one of the following methods, as appropriate for your situation.
    For more information , you can refer to :
    Similar case for your reference: