Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Security auditing settings are not applied to Windows Vista-based and Window Server 2008-based computers when you deploy a domain-based policy
Article ID: 921468 - View products that this article applies to.
Consider the following scenario. You deploy a domain-based policy to configure security auditing settings on Windows Vista-based or Windows Server 2008-based computers in an Active Directory directory service domain. You run the Resultant Set of Policy (RSoP) tool on one of the Windows Vista-based or Windows Server 2008-based computers. When you do this, the RSoP tool indicates that the policy is being applied. However, the policy is not actually applied to one or more Windows Vista-based or Windows Server 2008-based computers.
This issue occurs if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled in Windows Vista or in Windows Server 2008. The policy setting can be enabled by using Group Policy or it can be enabled manually by modifying the registry.
To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: Disable the policy setting by using Group Policy Object EditorVerify that the policy setting was enabled by using Group Policy, and then disable the policy setting by using Group Policy Object Editor. To do this, follow these steps:
Method 2: Disable the policy setting by using Registry EditorImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756To manually disable the policy setting by using Registry Editor, follow these steps:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
Windows Vista and later versions of Windows enable you to manage audit policies in a more precise manner by using audit policy subcategories. If you configure audit policies at the category level, you override audit policy subcategories.
If you want to manage audit policies by using audit policy subcategories, and you do not want to use Group Policy, you can configure the SCENoApplyLegacyAuditPolicy registry entry. When you configure the SCENoApplyLegacyAuditPolicy registry entry, you prevent category-level audit policies that were configured by using either Group Policy or the Local Security Policy tool from being applied.
However, be aware that the policy setting may not be enforced if a different policy is configured to override the category-level audit policy. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/921469/ )How to use Group Policy to configure detailed security auditing settings for Windows Vista client computers in a Windows Server 2003 or Windows 2000 domain
Article ID: 921468 - Last Review: November 13, 2006 - Revision: 2.5