Re: File access auditing fills security log too fast

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/18/05

• Next message: Steven L Umbach: "Re: Complex Password policy doesn't set under the CP Applet..works fine from MMC"
• Previous message: Steven L Umbach: "Re: EFS -- Encrypting File System -- File recovery on another computer"
• In reply to: ParamusAdmin: "File access auditing fills security log too fast"
• Next in thread: Karl Levinson, mvp: "Re: File access auditing fills security log too fast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 18 Mar 2005 11:56:10 -0600

To add to what Roger suggested, check the security policy on your computer
for the security option for audit the access of global objects to make sure
that it is disabled which it is by default. That will not interfere with
normal auditing if disabled. -- Steve

"ParamusAdmin" <ParamusAdmin@discussions.microsoft.com> wrote in message
news:8839A676-F174-4B92-B388-7403204BD453@microsoft.com...
>I am attempting to enable file and application auditing to meet HIPAA
> compliance. The issue I am having is the security log fills up way to
> fast,
> eventually locking out all but administrators from logging on. I know I
> can
> disable this, but I would rather just audit when the file or app was
> accessed
> and by whom. I have been experimenting with the auditing settings, but no
> matter what I do, even opening one folder creates 10 security items in the
> event log. Does anyone have any tips on how to narrow down what is
> entered
> into the event log?

---

• Next message: Steven L Umbach: "Re: Complex Password policy doesn't set under the CP Applet..works fine from MMC"
• Previous message: Steven L Umbach: "Re: EFS -- Encrypting File System -- File recovery on another computer"
• In reply to: ParamusAdmin: "File access auditing fills security log too fast"
• Next in thread: Karl Levinson, mvp: "Re: File access auditing fills security log too fast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: auditing ... Enable auditing of account management will log the creation and changes to ... You can audit Directory Service access to audit OU's. ... This security setting determines whether to audit each event of account ... For specific instructions about how to configure auditing policy settings, ... (microsoft.public.win2000.active_directory) Re: XPP on Domain - can I make Directories private - even from Admin? ... You must enable Auditing for the machine. ... You must specify what to audit. ... Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box. ... (microsoft.public.windowsxp.general) Re: Deleting shortcuts when they are for a C: program ... Nothing to do with security works in Home but if you boot to safe mode security becomes available. ... Maybe auditing becomes available too. ... Set auditing for just this file. ... You must specify what to audit. ... (microsoft.public.windowsxp.general) Re: SBS "Newbie" question - viewing logins ... THANKS for the help - are these audits set in the security event log? ... first "success audit". ... (microsoft.public.windows.server.sbs) Re: File Auditing Question ... I'd like to start auditing some files so I decided to do a test audit on ... In Local Security Settings under Audit Policy I set Audit object ... Auditing and added myself, successful, List Folder/Read Data. ... (microsoft.public.windowsxp.security_admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2005-03