Go Up
You are here: ConfigurationConfigure IT InfrastructureActive DirectoryConfigure Basic Domain Audit Policies

Configure Basic Domain Audit Policies

Basic audit policies allow tracking changes to user accounts and groups and identifying originating workstations. You can configure advanced audit policies for the same purpose too. See Configure Advanced Audit Policies for more information.

  1. Open the Group Policy Management console on any domain controller in the target domain: navigate to Start Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) Group Policy Management.

  2. In the left pane, navigate to Forest: <forest_name> Domains <domain_name> Domain Controllers. Right-click the effective domain controllers policy (by default, it is the Default Domain Controllers Policy), and select Edit from the pop-up menu.

  3. In the Group Policy Management Editor dialog, expand the Computer Configuration node on the left and navigate to Policies Windows Settings Security Settings Local Policies Audit Policy.
  4. Configure the following audit policies.

    Policy Audit Events

    Audit account management


    Audit directory service access


    Audit logon events


    NOTE: The Audit logon events policy is only required to collect the information on the originating workstation, i.e., the computer from which a change was made. This functionality is optional and can be disabled.

  5. Navigate to Start Run and type "cmd". Input the gpupdate /force command and press Enter. The group policy will be updated.

Go Up