Event View Question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I have configured the Domain as follows:

Domain Shared Folder Called Files

Auditing Enabled
Everyone Group
All Actions Success & Failures To Be Audited

Domain Group Policy Object

Security Settings > Event Logs > Retain All For 7 Days
Security Settings > Account Policies > Audit Object Access For Success & Failure
Security Settings > User Rights Assignments > Generate Security Audits Eveyone Group
Security Settings > User Rights Assignments > Manage Auditing & Security Log Administrators Group

I have then run a gpudate on the server and restarted my two XP workstations. I then try and delete some files in the \\Server1\Files and this gets denied, which should generate an audit log.

I go to the Event Viewer (Local) on the Server (logged in as Administrator) and check the Security Logs, and nothing is there for the XP workstations only the Server. Which I figure is correct as its the Event Viewer (Local)

So I try and connect to Another PC using Event Viewer and I recieve the Message 'Access Is Denied'

I can connect using Computer Management to the XP workstation, when I go to access the Event Viewer, it states 'Access Is Denied'.

Does anyone know which GPO I need to enable to view the Event Log on another PC? and also is this the correct way to view Event Logs on a Workstation?

Thanks in advance for your help!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This is clearly a permission issue, I'd look at the permissions carefully and alter as appropriate. I did have a similar issue at work once and it took me and another colleague a good few days to figure out the culprit after much hacking at it

 

That is exactly what I was thinking. I believe I have pretty much everything set up OK to record the Event Logs.

Going to have a dig around later tonight and check the Administrator permissions to connect to a different PC on the network.

 

Couldn't wait until tonight, this is bugging me

Just checked a few Permissions, which are as follows:

Domain Group Policy Object

Security Settings > User Rights Assignments > Access This Computer From The Network Administrators & Remote Desktop Users

Going to have a look at Firewall Settings as well, as I'm wondering if this could be blocking the connection.

Any other ideas would be appreciated

 

as a work round try making your self a local administrator on the machine you want to audit. I had a case yesterday where my domain admin credentials weren't being recognised but if I created a local user with admin credentials it was accepted.

 

Figured it out!

You are unable to connect to other computers using the Built In Admin account. When I assigned another Admin account with the Enterprise Admin, Domain Admin permissions, voila it worked