To enable auditing on a Windows 2000 domain

1. On a computer with administrative access to the Windows 2000 domain, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the console tree, right-click Domain Controllers, and then click Properties.
3. On the Group Policy tab , click Default Domain Controller Policy, and then click Edit.
4. In the Group Policy console tree, double-click Audit policies.

   Where?

   • Computer Configuration
   • Windows Settings
   • Security Settings
   • Local Policies
   • Audit policies
5. Right-click Audit account management, and then click Security.
6. Select the Success and Failure check boxes, and then click OK.
7. Using Active Directory Sites and Services, replicate the changed Group Policy object to all domain controllers in the domain or wait for the normal replication cycle.

Notes

• You must be logged on as an administrator or a member of the Aministrators group in order to complete this procedure.
• To apply the new Group Policy on every domain controller in the domain, run the Secedit tool with the /refreshpolicy machine_policy command line option on each domain controller.
• For information about forcing replication, see Windows 2000 Server Help.