Re: Auditing
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/07/05
- Next message: Herb Martin: "Re: Being logged on as admin and user at the same time (in XP)?"
- Previous message: Peretz Stern: "Auditing"
- In reply to: Peretz Stern: "Auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 6 Jan 2005 23:43:29 -0600
You need to enable auditing of object access first before folder auditing
will work. You need to do that in the appropriate security policy - local,
domain, or OU for the computer. Usually Local Security Policy will work
[secpol.msc] unless this is a domain controller in which case use Domain
Controller security Policy. After doing such you should start seeing Event
ID's 560 and 562 in the security log. Be sure to increase the size of the
security log quite a bit to sat around 10MB. The link below may help. ---
Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;300549
"Peretz Stern" <peretzstern@optonline.net> wrote in message
news:%23mrDwpH9EHA.3840@tk2msftngp13.phx.gbl...
>I placed an audit on delete successful/unsuccessful on a folder recently. I
> noticed that a few days later it was tampered with. I looked in my event
> logs and didn't seem to find anything did I miss it or is it in another
> place? any help is appreciated.
>
- Next message: Herb Martin: "Re: Being logged on as admin and user at the same time (in XP)?"
- Previous message: Peretz Stern: "Auditing"
- In reply to: Peretz Stern: "Auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
