DC Security Logs with Advanced Auditing

Description

SSO not authenticating via DC Logs and the Group Policy Objects are set to use advanced auditing.

Cause

When using Advanced Auditing from Group Policy the settings configured in Policies -> Windows Settings -> Security Settings -> Audit Policy - no longer take effect

Resolution

The following Event IDs need to be configured if using Advanced Auditing:


4624 - Audit Logon (located in Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration > Audit Policies -> Logon/Logoff -> Audit Logon)

Image

4768 - Audit Kerberos Authentication Service (located in Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration > Audit Policies -> Account Logon -> Audit Kerberos Authentication Service)

Image

4769 & 4770 - Audit Kerberos Service Ticket Operations (located in Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration > Audit Policies -> Account Logon -> Audit Kerberos Service Ticket Operations)

Image

4634 - Audit Logoff (located in Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration > Audit Policies -> Logon/Logoff -> Audit Logoff)

Image

4661 - Audit Kernel Object (located in Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration > Audit Policies -> Object Access -> Audit Kernel Object)

Image

Related Articles

  • SonicWall UTM throws an error : " Invalid Authentication " Error: SN and EPAID Do Not Match
    Read More
  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More

Categories

Firewalls
TZ Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall NSA Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo