Can not set audit policy settings in windows 8.1, no matter what I do

Question

I am totally unable to change the settings for "Audit account logon events", "Audit account management", and "Audit log on events" in Local Group Policy Editor no matter what I do. I have followed this article: https://support.microsoft.com/en-us/kb/921468 but when I want to follow the first method, and I want to change some settings via "Win +R" => run => rsop.msc ==> which results in "resultant set of policy" all the options are totally greyed out and nothing can be changed in resultant set of policy editor application.

What should I do? I only need to audit log ons and log offs.... please help me

;(((

PS: can this all be the cause of some other policy setting that is configured in a bad way, or probably a corrupt policy file somewhere on the machine??

You are aware the the link you quote says: "Applies to
Windows Vista Ultimate Windows Vista Business Windows Vista Enterprise Windows Server 2008 Standard Windows Server 2008 Enterprise Windows Server 2008 Datacenter "? I don't see Windows 8.1 in that list. — DavidPostill, Nov 06 '15 at 15:36
Can some one, with moderation or administration privilege on this website, please edit the title of the question?? cause instead of audit I seem to have typed in sudit!!!! sorry — JackBixuis, Nov 06 '15 at 15:37
@DavidPostill : ooops! yeah you are right, but I assumed maybe this could be applicable to windows 8.1 as well cause I could not find any thing in relation to my 64bit windows. but yes you are totally right, it doesn't say windows-8.1 anywhere. — JackBixuis, Nov 06 '15 at 15:38
@ Ƭᴇcʜιᴇ007 : yes, I am using windows 8.1 Enterprise 64bit edition. — JackBixuis, Nov 06 '15 at 15:41
My answer Windows 7 (Home Premium): eventvwr.exe: How to log workstation locking and unlocking and screensaver invoked and dismissed events should work for Windows 8.1 Enterprise. — DavidPostill, Nov 06 '15 at 15:43
@DavidPostill note: From the Win 2012 GP version of that setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings." :) — Ƭᴇcʜιᴇ007, Nov 06 '15 at 15:43
@Ƭᴇcʜιᴇ007 Yeah, missed that bit ;) My link shows how to do it with gpedit — DavidPostill, Nov 06 '15 at 15:45

score 0 · Answer 1 · answered Nov 06 '15 at 15:47

0

"which results in "resultant set of policy" all the options are totally greyed out and nothing can be changed in resultant set of policy editor application."

RSOP shows you the results of GP as applied to that system; it's a report, you can't actually edit anything in there.

You'd use the Group Policy Object Editor (GPedit.msc) to actually edit GP.

From your linked article: "disable the policy setting by using Group Policy Object Editor."

answered Nov 06 '15 at 15:47

Ƭᴇcʜιᴇ007

112,807

Thank you, I have already disabled that through registry and the Group Policy Editor, but I don't know why after I restart the computer, the auditing settings magically keep reverting back to not configured. – JackBixuis Nov 06 '15 at 15:49
Is this machine on a domain? Does RSOP show it being applied properly? It's a computer-level GP, so did you link it to a container (OU or alike) that contains the computer(s) you wish for it to apply to? – Ƭᴇcʜιᴇ007 Nov 06 '15 at 15:52
No, it is not a part of a domain, at least not to my knowledge or recollection. No RSOP doesn't show that either the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" or any of the audit settings are changed at all, in RSOP everything in relation to my needs reports "Not Defined"... and everything is greyed out. – JackBixuis Nov 06 '15 at 15:56

score 0 · Answer 2 · edited Mar 20 '17 at 10:17

0

What must I do to enable logging of Logon Session Events?

Use the Group Policy Editor (gpedit.msc) to enable auditing of Account Logon Events in the Windows Security Event Log.

Note: Windows Starter Edition, Home and Home Premium do not include gpedit.msc. Instructions to install it are in this answer https://superuser.com/a/991644/337631.

To enable auditing of Account Logon Events:

Run gpedit.msc
Select "Windows Settings" > "Security Settings" > "Local Policies" > "Audit Policy"
Right click "Audit account logon events" and select "Properties"
Check "Success" and "Failure" as appropriate, then click "OK"

edited Mar 20 '17 at 10:17

Community

1

answered Nov 06 '15 at 15:50

DavidPostill

156,873

I have already done this, like a lot of times, but unfortunately the settings keep reverting back after system is restarted. – JackBixuis Nov 06 '15 at 15:53
Presumably there are domain policies overriding your local policies. Please speak to your Domain Administrator. – DavidPostill Nov 06 '15 at 15:55
dearest sir, this is a laptop machine that I myself own, and I am not a member of any companies or agencies that might need to set this policy setting. I am a university student. and I did not recieve this laptop from the university or the college, I just simply bought it, in cache, on my own, in my hometown. :) – JackBixuis Nov 06 '15 at 15:58
@AbrahamLincool You bought it with Windows 8.1 Enterprise? That can't be right, as Enterprise is only available via Volume Licencing. Or are you using a trial version or Enterprise or something? It should work as David as suggested,. – Ƭᴇcʜιᴇ007 Nov 06 '15 at 16:56
@Ƭᴇcʜιᴇ007 : No it came with a windows 7, I bought windows 8.1 license myself, and installed a whole new system. And yes I imagine, normally, it has to work the way David suggested, but in a very magical way it doesn't. I mean it does work, but after the system is restarted, all things revert back to not configured.... – JackBixuis Nov 06 '15 at 17:00

Can not set audit policy settings in windows 8.1, no matter what I do

2 Answers2

What must I do to enable logging of Logon Session Events?

Linked