Windows 2012 R2 域控服务器,DC上的审核日志被清空。相关日志信息如下
Event ID 1102
Task Category: Log clear
The audit log was cleared.
Subject:
Security ID: XXX
Account Name: XXX
Domain Name: XXX
Logon ID: 0x7eec2a3
您好!
建议您参考以下文档查看Domain Name的来源是否是当前的域。
1102(S): The audit log was cleared
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-1102?f=255&MSPPError=-2147217396
此外,我们可以尝试下从配置角度排查,看下DC上如图中所示组策略的审核策略和高级审核策略的启用状态。
此致,
Alvin Wang
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.