Security Log Multiple Success/Failure Audit records
From: Armyeric (Armyeric_at_discussions.microsoft.com)
Date: 08/19/05
- Next message: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Previous message: Dan: "Re: Local Security Settings"
- Next in thread: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Reply: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Aug 2005 09:16:09 -0700
I get the following events from my all my users...they are paired with a
success and a failure. I am not sure how to read them and make them stop.
Any advice would be welcome.
Thanks, Eric
Success Audit
Object Open:
Object Server: Microsoft Exchange
Object Type: Microsoft Exchange Database
Object
Name: /O=RGA/OU=ROCKFORD/cn=Configuration/cn=Servers/cn=MMEXG/cn=Microsoft
Private MDB
New Handle ID: 0
Operation ID: {0,11128078}
Process ID: 3164
Primary User Name: MMEXG$
Primary Domain: ROCKFORD
Primary Logon ID: (0x0,0x3E7)
Client User Name: Recover1
Client Domain: ROCKFORD
Client Logon ID: (0x0,0xA9CCFA)
Accesses -
Privileges -
Properties:
Unknown specific access (bit 8)
Create public folder
Create named properties in the information store
And the Failure Audit:
Object Open:
Object Server: Microsoft Exchange
Object Type: Microsoft Exchange Database
Object
Name: /O=RGA/OU=ROCKFORD/cn=Configuration/cn=Servers/cn=MMEXG/cn=Microsoft
Private MDB
New Handle ID: 0
Operation ID: {0,11128079}
Process ID: 3164
Primary User Name: MMEXG$
Primary Domain: ROCKFORD
Primary Logon ID: (0x0,0x3E7)
Client User Name: Recover1
Client Domain: ROCKFORD
Client Logon ID: (0x0,0xA9CCFA)
Accesses Unknown specific access (bit 8)
Privileges -
Properties:
DELETE
Modify public folder quotas
Unknown specific access (bit 1)
Unknown specific access (bit 4)
Administer information store
ACCESS_SYS_SEC
%{d74a8774-2289-11d3-aa62-00c04f8eedd8}
--- Mail-enable public folder WRITE_DAC SYNCHRONIZE Unknown specific access (bit 9) Unknown specific access (bit 11) Unknown specific access (bit 12) Modify public folder deleted item retention DELETE READ_CONTROL Unknown specific access (bit 0) Unknown specific access (bit 1) Unknown specific access (bit 2) Unknown specific access (bit 3) Unknown specific access (bit 4) Modify public folder expiry DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Unknown specific access (bit 0) Unknown specific access (bit 1) Unknown specific access (bit 2) Unknown specific access (bit 3) Unknown specific access (bit 4) Unknown specific access (bit 5) Modify public folder replica list View information store status DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Unknown specific access (bit 0) Unknown specific access (bit 1) Unknown specific access (bit 2) Unknown specific access (bit 3) Unknown specific access (bit 4) Unknown specific access (bit 5) Create top level public folder Unknown specific access (bit 0) Unknown specific access (bit 8) Modify public folder ACL ACCESS_SYS_SEC MAX_ALLOWED Modify public folder admin ACL
- Next message: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Previous message: Dan: "Re: Local Security Settings"
- Next in thread: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Reply: Steven L Umbach: "Re: Security Log Multiple Success/Failure Audit records"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
