Desktop.ini auditing filling event logs
From: rcurley (rcurley_at_stewartmarchman.org)
Date: 07/29/05
- Next message: Malke: "Re: safe mode antivirus"
- Previous message: Roger Abell: "Re: BMP Processor overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Jul 2005 07:33:37 -0700
I have enabled auditing on a directory and all of its subdirectories
and files, for a location where users My Documents have been
redirected. I have set auditing for Change Permissions, Take
Ownership, Write Attributes, and Write Extended Attributes. However,
my security log on that machine is being filled with "Object Access"
entries referring to Accesses of ReadAttributes and WriteAttributes.
For the normal user, this is happening for only their redirected
folder. For the few in the domain admins group, there is an Accesses
entry with READ_CONTROL, ReadData (or ListDirectory) and ReadEA in
addition to the previoius two, for everyone's desktop.ini file in their
redirected users. This is really filling up the log files, making
auditing very difficult. Any ideas or help would be greatly
appreciated.
Rich C.
- Next message: Malke: "Re: safe mode antivirus"
- Previous message: Roger Abell: "Re: BMP Processor overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
