Re: Cannot see audit events in security log

• Previous message: Leon: "Re: Microsoft Security Center Warning"
• In reply to: Frank Thynne: "Cannot see audit events in security log"
• Next in thread: Frank Thynne: "Re: Cannot see audit events in security log"
• Reply: Frank Thynne: "Re: Cannot see audit events in security log"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 22 Nov 2004 04:23:05 GMT

If you enabled auditing of object access then you should see events in the
security log. Look for event ID's such as 560 and 562. Be sure to increase
the size of the security log quite a bit and clear the log first. Note that
if the security log is configured to not override events that the log will
not add any more events until it is manually cleared. --- Steve

"Frank Thynne" <fthynne@elmplace.co.uk> wrote in message
news:f5642ae5.0411211630.4831738a@posting.google.com...
> My client has a stand-alone Windows 2000 Professional computer. We are
> trying to establish auditing on a folder and its contents. We have
> turned on auditing in local policy and enabled success and failure
> auditing on objects. In the advanced section of the security
> properties of the folder we have set auditing for the Everyone group
> and specified that the property will be propagated to files and
> folders contained in it. We have verified that the property is
> inherited by a file copied into the folder.
>
> After doing those things, and accessing a file in the audited folder,
> we do not see anything relevant in the Security Event Log. I must be
> missing something obvious, but I do not know what it is! Can anyone
> advise?

• Previous message: Leon: "Re: Microsoft Security Center Warning"
• In reply to: Frank Thynne: "Cannot see audit events in security log"
• Next in thread: Frank Thynne: "Re: Cannot see audit events in security log"
• Reply: Frank Thynne: "Re: Cannot see audit events in security log"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: File auditing not working properly ... Try auditing only a specific folder first so that you can see how it works ... etc. Make sure your security log is large enough to keep the ... Event Type: Success Audit ... (microsoft.public.win2000.security) Re: Cannot see audit events in security log ... If auditing of object access for success and failure has been enabled in the ... Local Security Policy on that computer and auditing has been ... should be recorded in the security log after trying to access the folder as ... (microsoft.public.win2000.security) Re: auditing question - single file object access creates duplicate security log messages ... Windows object access auditing is based on handle usage. ... don't audit nicely with this architecture- they open ... > one audit message in the security log when a file is read. ... (microsoft.public.win2000.security) Re: Authentication Auditing ... > only show in the security log of the domain computer itself - not the ... > it indeed does show that auditing of logon events is enabled for success ... It is enabled but the effective setting dispalys as "No Auditing". ... (microsoft.public.win2000.security) Re: auditing on win2003 ... Maybe it just means it was not configured for auditing that category - object access. ... There are several categories to audit for the security log. ... but how the security log has records from before the change if the computer was not configured for auditing, is this some windows 2003 default that is not actually configured anywhere? ... (microsoft.public.windows.server.security)