Updating Group Policies

First, make sure the Group Policy Management feature is enabled on the Cygna Auditor host. To enable it, open Server Manager, select Manage / Add roles and features in the upper-right corner, and then select the Group Policy Management option on the Features tab of the dialog.

To enable Cygna Auditor to collect audit data, configure the following settings in the Group Policy Management console.

  1. In the Group Policy Management console, locate the Default Domain Controllers policy, right-click it and select Edit.

  2. Update the policies as described below:

    1. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Account Policies / Account Lockout Policy

      | GROUP POLICY | POLICY SETTINGS |
      | --- | --- |
      | Account lockout duration | 30 minutes |
      | Account lockout threshold | 5 invalid logon attempts |
      | Reset account lockout counter after | 30 minutes |

    2. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Audit Policy

      | GROUP POLICY | POLICY SETTINGS |
      | --- | --- |
      | Audit account management | Success, Failure |
      | Audit directory service access | Success, Failure |
      | Audit object access | Success, Failure |

    3. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Advanced Audit Policy Configuration / Audit Policies / DS Access

      | GROUP POLICY | AUDIT EVENTS |
      | --- | --- |
      | Audit Directory Service Changes | Success, Failure |

    4. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Advanced Audit Policy Configuration / Audit Policies / Account Management

      | GROUP POLICY | AUDIT EVENTS |
      | --- | --- |
      | Audit Computer Account Management | Success, Failure |
      | Audit User Account Management | Success, Failure |
      | Audit Distribution Group Management | Success, Failure |
      | Audit Security Group Management | Success, Failure |

    5. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Advanced Audit Policy Configuration / Audit Policies / Logon/Logoff

      | GROUP POLICY | AUDIT EVENTS |
      | --- | --- |
      | Audit Account Lockout | Success, Failure |

    6. Path: Computer Configuration / Policies / Windows Settings / Security Settings / Advanced Audit Policy Configuration / Audit Policies / Account Logon

      | GROUP POLICY | AUDIT EVENTS |
      | --- | --- |
      | Audit Kerberos Authentication Service | Failure |

  3. Run gpupdate /force in the command prompt.
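
To confirm that the advanced audit settings from steps 3 to 6 are actually in effect on a domain controller after the policy refresh, the effective policy can be compared against the values above. The script below is an added example, not part of the Cygna Auditor product or its documentation. It assumes an elevated PowerShell prompt on the domain controller and an English-language OS, since `auditpol` reports localized subcategory names (without the "Audit" prefix the Group Policy editor shows).

```powershell
# Added example: check effective advanced audit policy against the settings
# listed in steps 3-6. Run elevated on a domain controller after gpupdate /force.
# Keys are the English auditpol subcategory names (assumption: English OS).
$required = [ordered]@{
    'Directory Service Changes'       = @('Success', 'Failure')
    'Computer Account Management'     = @('Success', 'Failure')
    'User Account Management'         = @('Success', 'Failure')
    'Distribution Group Management'   = @('Success', 'Failure')
    'Security Group Management'       = @('Success', 'Failure')
    'Account Lockout'                 = @('Success', 'Failure')
    'Kerberos Authentication Service' = @('Failure')
}

# /r makes auditpol emit CSV; drop blank lines before parsing.
$effective = auditpol.exe /get /category:* /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv

$report = foreach ($name in $required.Keys) {
    $row    = $effective | Where-Object { $_.Subcategory -eq $name }
    $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }

    # A subcategory passes when every required flag appears in the effective
    # setting, so "Success and Failure" satisfies a "Failure" requirement.
    $missing = @($required[$name] | Where-Object { $actual -notmatch $_ })

    [pscustomobject]@{
        Subcategory = $name
        Required    = $required[$name] -join ', '
        Effective   = $actual
        Compliant   = ($missing.Count -eq 0)
    }
}

$report | Format-Table -AutoSize

if ($report.Compliant -contains $false) {
    Write-Warning 'One or more subcategories do not meet the required audit settings.'
}
```

A subcategory reported as "No Auditing" or "Not found" usually means the policy has not applied to this domain controller yet or another GPO with higher precedence overrides it.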