
I'm trying to change policies in Local Group Policy Editor under Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policy – Local Group Policy Object, but using a PowerShell script.

```
auditpol /set /category:"Account Logon","Account Management","Detailed Tracking","DS Access","Logon/Logoff","Object Access","Policy Change","Privilege Use","System" /failure:enable /success:disable
gpupdate /force
```

The result of `auditpol /get /category:*` before and after executing that script differ and everything seems solved. However, when opening Local Group Policy Editor the changes are clearly not consolidated. After a reboot, running `auditpol /get /category:*` shows that nothing's differed from the first state (Not Configured).

It might also be worth noting that the OS is Windows Server 2016 Datacenter, not joined to any domain or organization. And changes made through the GUI in Local Group Policy Editor take effect permanently.

P.S. I'm aware that there is another question which might be related to this one, but it's not properly answered in any way.

Amir Maleki
  • @BitcoinMurderousManiac The server is not joined to a domain nor has its image-embedded policy settings manipulated. I tried both of your recommendations and the problem still persists. The important thing is I can make permanent changes through the GUI, but through auditpol commands, nothing persists. – Amir Maleki Jun 11 '23 at 08:45
  • @BitcoinMurderousManiac You would even get an error trying the example in that documentation (without double quotes). Have you tried it yourself? – Amir Maleki Jun 12 '23 at 05:53
  • Nope, but sometimes you have to trust the vendor of the technology you are using as the subject matter experts. Since you said it does not work, I will take your word for it, but that was the obvious thing I noticed different wise when looking over those command examples from the vendor's site. I did not try it myself; to reiterate again, NO, I did not. I was giving a suggestion in a comment; I did not write you an answer, at which point it would have been validated on my side beforehand. I maintain thousands of GPOs on a daily basis for thousands of computers though, but NO, I did not test it here. – Bitcoin Murderous Maniac Jun 12 '23 at 12:30
  • @BitcoinMurderousManiac So there has to be some other issue, maybe with the `auditpol` tool itself. Now my question is if it's possible to manipulate policies using the registry itself, instead of using tools and GUIs...? – Amir Maleki Jun 13 '23 at 09:20
  • Check this posted answer for a potential solution at that level. See the comment in the answer there for the document with the values, since the answer itself has a broken link: https://superuser.com/questions/1059822/change-audit-policy-through-the-registry. I have not ever tried this myself, but this could be a potential registry workaround. – Bitcoin Murderous Maniac Jun 13 '23 at 10:38
