Auditing Access to files??
From: Dan (.)
Date: 03/26/03
- Next message: Tony Su: "Certificate Server - Enterprise issue cert to non-Domain User?"
- Previous message: Tony Su: "ISA Server Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dan" <.> Date: Wed, 26 Mar 2003 12:14:11 -0700
I have set up object access auditing on a member server for access to files
only. Within about 10 minutes I will get 8000 + entries in the Security
Log, most of which have the info shown below.
Does anyone know what all this means? I only want to audit access to files,
not all this stuff. What am I missing?
Thanks,
Dan
Security Log Event Info:
Handle Closed:
Object Server: Security
Handle ID: 1040
Process ID: 2048
OR
Object Open:
Object Server: Security
Object Type: File
Object Name:
\Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\MSSQL7\Binn\sqlmang
r.exe
New Handle ID: 1040
Operation ID: {0,251967762}
Process ID: 2048
Primary User Name: Administrator
Primary Domain: MY DOMAIN
Primary Logon ID: (0x0,0x13B73)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses SYNCHRONIZE
Execute/Traverse
Privileges -
OR
Object Open:
Object Server: Security
Object Type: File
Object Name: \??\NAVAP
New Handle ID: 1208
Operation ID: {0,251967718}
Process ID: 992
Primary User Name: SQL1$
Primary Domain: MY DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
ReadEA
WriteEA
ReadAttributes
WriteAttributes
Privileges -
- Next message: Tony Su: "Certificate Server - Enterprise issue cert to non-Domain User?"
- Previous message: Tony Su: "ISA Server Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
