andyferris
IS-IT--Management
I need to retrieve weekly reports of failed user logins from our Win2016 Domain Controllers.
The problem is that the event logs are filling up within minutes with Directory Service Access entries.
I have checked the Default Domain Controllers GPO and Auditing of Directory Service Access was not configured. I disabled it and also disabled "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" on the advice from here: , then did a gpresult /force.
I then did a Group Policy Result and it shows that the setting is being applied, but the logs still fill up within seconds. They are set at about 128mb. I increased to 1Gb but it still fills up within minutes.
Now here is the thing: All the Directory Service entries are for accessing our Exchange server. I have looked at the logs there and there are corresponding entries.
My questions are: How to do I break the link between the two event logs? or Can I safely switch of this logging on the Exchange server?
Thanks
Andy
The problem is that the event logs are filling up within minutes with Directory Service Access entries.
I have checked the Default Domain Controllers GPO and Auditing of Directory Service Access was not configured. I disabled it and also disabled "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" on the advice from here: , then did a gpresult /force.
I then did a Group Policy Result and it shows that the setting is being applied, but the logs still fill up within seconds. They are set at about 128mb. I increased to 1Gb but it still fills up within minutes.
Now here is the thing: All the Directory Service entries are for accessing our Exchange server. I have looked at the logs there and there are corresponding entries.
My questions are: How to do I break the link between the two event logs? or Can I safely switch of this logging on the Exchange server?
Thanks
Andy