Gpo Auditing Settings Not Listed Properly In Local Security Settings

[scottrosenblatt973]

If I use a GPO to configure the auditing of object access on a 2k8R2 server and then check the Local Security Policy of that server, the setting for Audit Object Access (Security/Local/Audit) is listed with a different icon than the rest (the changed icon indicates the settings are in fact being received from GPO) but the Security Setting column does not correctly reflect the policy applied settings (Success, Failure). Instead, it just says No Auditing, just like all the other options that were not set via GPO.

 

If I double-click on the Audit Object Access setting, the options to configure are grayed out (as they should be) since they're being applied via GPO. So the GPO settings are in fact active but the fact that it doesn't list Success, Failure creates the following problem for me:

 

I use a program called FileAudit to audit the 2k8R2 in question. The first thing FileAudit does is it looks at the Local Security Policy to see if auditing is enabled or not on the audited machine. When FileAudit sees "No Auditing" instead of "Success, Failure" it fails to work- even though behind the scenes the auditing has been enabled via the GPO. Support from FileAudit has not been able to resolve this since ultimately the issue lies within Windows Server and not their software.

 

NOTE: This only occurs with the AUDITING settings. Any other changes to the GPO are correctly listed in the Local Security Policy after running gpupdate. So this problem is specific to just the auditing settings being applied- any other changes get the changed icon and grayed out options but also properly list the applied settings. This is what I need to accomplish for the auditing settings to get FileAudit to work.

 

So anyone have a clue here? I've googled the heck out of this and came up empty. I really need to get this fixed in order to have the auditing program work! Any and all advice is greatly appreciated and I thank any and all responders in advance.

 

Below is a screen shot of what I'm referring to- where the icon is different but the details are incorrect.

 

.

Edited February 9, 2014 by AWS

[mmthomas]

If you run RSOP.msc on that machine, does the setting show correctly or not and either way does is show the correct GPO name for the setting? You may have a policy that isn't applying correctly or fully. You might also try creating a second policy that sets the same thing.

[gw1966]

I am having same issue. my 2008 64 bit servers that are part of my 2003 32 bit Domain do not seem to receive the GPO for auditing and the are greyed out, see screnshots, anyone have any ideas why?

 

Grant.

[ICTCity]

First of all, open Group Policy Management and run a NEW RESULTANT GROUP POLICY. Select the computer which has this problem and wait until the process is completed.

 

Check if there's any error or some policies are not applied (if a policy is not applied there's a reason on the right column).