Windows Server 2000/2003 Thread, RM CC3 domain controller group policy option question in Technical; Our CC3 domain controllers have a policy whereby they only log security failure audit events, and not successes... this is ...
17th December 2013, 06:18 PM #1
RM CC3 domain controller group policy option question
Our CC3 domain controllers have a policy whereby they only log security failure audit events, and not successes... this is becoming an issue as our Palo Alto reads these logs looking for events 672, 673 and 675 to determine who is logged into a machine.
If I change the group policy to log success audit is the RM world going implode?
We've ended our support contract with RM now as we are going to be migrating in the summer away from RM, so I can't ask them!
17th December 2013, 07:04 PM #2
It should not cause any major issues with CC3. Your main concern will be log size, and therefore retention period. You will typically have at least 1 order of magnitude more success audits than failure audits, so you will reach the maximum log size much more quickly once they enabled, leading to a much shorter log retention period (unless you increase the maximum log size).
17th December 2013, 08:23 PM #3
Thanks for that. I've taken the plunge and we'll see what happens tomorrow...
By apur32 in forum Windows Server 2000/2003
Last Post: 26th May 2012, 02:12 PM
By M0MST in forum Windows Server 2008
Last Post: 4th November 2010, 11:02 AM
By bertster in forum Windows
Last Post: 15th September 2009, 12:41 PM
By Liam in forum How do you do....it?
Last Post: 24th October 2007, 01:49 PM
By woody in forum Windows
Last Post: 9th March 2007, 04:03 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)