Domain Configuration Check does not audit the AllValidatedWrites property. (NETIQKB52052)

  • Document ID:7752052
  • Creation Date:02-Feb-2007
  • Modified Date:15-Mar-2013
    • Micro Focus Products:
      Change Guardian

Environment

NetIQ Group Policy Guardian 2.0 SP1

Resolution

fact
NetIQ Group Policy Guardian 2.0 SP1

symptom
Domain Configuration Check does not audit the AllValidatedWrites property.

symptom
Error: 'AllValidatedWrites property is not being audited.'

cause
You do not have the All Validated Writes permission enabled on the IPSec and Policies containers.

fix

To resolve this issue, enable All Validated Writes permissions on the IPSec and Policies containers.

To enable the IPSec SACL settings:

  1. Start Active Directory Users and Computers in Administrative Tools.
  2. On the View Menu, click Advanced Features.
  3. In the left pane, expand the domain controller node and navigate to System > IP Security.
  4. On the Action menu, click Properties.
  5. Select the Security tab.
  6. Click Advanced to display the Advanced Security Settings for IP Security window.
  7. Select the Auditing tab.
  8. Add the Everyone group.
  9. Set Apply onto to This object and all child objects.
  10. Select Successful for the following access operations:
    • Write All Properties
    • Delete
    • Delete Subtree
    • Modify Permissions
    • Modify Owner
    • All Validated Writes
    • Create All Child Objects
    • Delete All Child Objects
    • Note
    • Selecting Create All Child Objects and Delete All Child Objects selects additional create and delete access operations.
  11. Click OK twice.

To configure auditing for the Policies container:

  1. In the Active Directory Users and Computers tool, select Advanced Features.
  2. In the left pane, expand System> Policies.
  3. On the Action menu, click Properties.
  4. Select the Security tab.
  5. Click Advanced to display the Advanced Security Setting for Policies window.
  6. Select the Auditing tab.
  7. Add the Everyone Group.
  8. Set Apply onto to This object and all child objects.
  9. Select Successful for the following access operations:
    • Write All Properties
    • Delete
    • Delete Subtree
    • Modify Permissions
    • Modify Owner
    • All Validated Writes
    • Create All Child Objects
    • Delete All Child Objects
    • Note
    • Selecting Create All Child Objects and Delete All Child Objects selects additional create and delete access operations.
  10. Click OK twice.


Additional Information

Formerly known as NETIQKB52052