How do you check to confirm the audit policies have been applied to the monitored workstations?
Log in to any computer with domain admin credentials.
Go to Start and type in "Command Prompt". Right-click Command Prompt, and select Run as administrator.
Type in “gpresult /S <monitored computer> /F /H a.html”.
Ensure that all the audit policy settings and security log settings are in place.
How to check if the monitored events are being logged in workstations
Log in to any computer with domain admin credentials.
Go to Start ;> Run. Type in "eventvwr.msc".
In the Event Viewer window, right-click on the event viewer in the top-left corner and select Connect to Another Computer. In the Select Computer window that opens, check Another computer and type in the machine name whose events you want to verify. Click Browse, type in the machine name, and click OK.
Click Windows Logs > Security.
Right-click Security, then select Filter Current Log...
Monitor the desired event ID by entering details such as event logged time or the exact event ID under the <All event ID> text box.
Close the window once you’ve verified that events are being logged in your workstations.
