Re: Many events in Security log
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/19/05
- Next message: Steven L Umbach: "Re: Need Help: keeping track of workstation hardware"
- Previous message: Dragon: "Re: Need Help: keeping track of workstation hardware"
- In reply to: Jörg Baas: "Re: Many events in Security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Apr 2005 12:44:45 -0500
If you do not want those events then disable auditing in "Domain Controller
Security Policy" which is where you manage auditing for domain controllers.
After doing that and running gpupdate on your server it should reflect your
changes in Local Security Policy [secpol.msc] I suggest that you leave
auditing for account logon events but that is up to you. Since you can not
access Task Manager at the time when the computer apparently freezes, do it
on a periodic basis to see if memory use is increasing as time goes by and
what process is causing it. --- Steve
"Jörg Baas" <jbaas@despammed.com> wrote in message
news:3ck2s2F6mtv32U1@individual.net...
> Thaks Steven
> It's a domain controller (Windows 2003) and there are no auditing settings
> in the policy. I switched them off!
> It not helps me to limit the log to 10MB, I don't want all these events.
> Why the system has to logon/logoff every 30s? I think this not normal.
> There is enough space on disk.
> When the system is unresponsive, I do not have the chance to check the
> Task Manager.
> Did nobody experienced this problem?
>
> Jörg
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> schrieb im Newsbeitrag
> news:eRUjBMLRFHA.1500@TK2MSFTNGP09.phx.gbl...
>> Those events indicate that you have auditing enabled for logon events and
>> privilege use. Take a look in Local Security Policy [ secpol.msc] to see
>> what it shows. For Windows 2000 look at the effective setting assuming
>> this is a domain computer. If you do not want to audit those events set
>> the policy to disabled and not undefined. It is a good idea to audit
>> logon events but privilege use, object access, and process tracking
>> generally should not be routinely be enabled. Unless you have a need to
>> do otherwise, configure the security log to overwrite events as needed
>> and set the size of the security log to 10MB. I tend to doubt that your
>> problem resolved by rebooting is related to auditing configuration but
>> you never know. Next time it is sluggish check your free disk space and
>> memory and cpu usage with Task Manager. You may have a memory leak that
>> is fixed by a reboot where a process continues to use more and more
>> memory as time goes by. Task Manager can show memory usage by
>> rocess. --- Steve
>>
>>
>> "Jörg Baas" <jbaas@despammed.com> wrote in message
>> news:3cjo81F6og11fU1@individual.net...
>>> Hi NG!
>>> We have a lot of audit events (ervery 30s) in the security log (ID 576,
>>> 540, 538), but there are no audit setting ( in the policy). Then every 2
>>> days we have to reboot the server because it become unresponsive.
>>> It's a 2003 server with Terminal server in application mode.
>>> What should I do?
>>> Thanks for any help
>>>
>>> Jörg
>>>
>>>
>>>
>>
>>
>
>
- Next message: Steven L Umbach: "Re: Need Help: keeping track of workstation hardware"
- Previous message: Dragon: "Re: Need Help: keeping track of workstation hardware"
- In reply to: Jörg Baas: "Re: Many events in Security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
