Re: Audit file/folder access
- From: "Johan Engdahl" <johan@xxxxxxxxxxxx>
- Date: Mon, 12 Feb 2007 18:45:49 +0100
You choose what file or folder you wish to audit and using NTFS security
tab, auditing tab and choose for Everyone what to audit. Unfortunately
Systemaccount is also included in Everyone so you won´t get rid of those
entries.
--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu
"Hugo" <hugorobichrg@xxxxxxxxxxxxxx> wrote in message
news:uKaUI3rTHHA.3980@xxxxxxxxxxxxxxxxxxxxxxx
Hi Everyone !
I activated "Audit Object Access" with "Success and Failure" in a GPO for
one of my server. Without configuring any File/Folder for Audit (or any
other objects), my Security Event Log is filling up with files access
(normal user and System) for file access on C: and D: drives and registry
access for System user !!!
What can I do to not have those events in my event log ?
I want to monitor only one directory on D: drive...
Any idea ?
Thank you !
Hugo
PS: Sorry for my bad english, I'm french speaking !
.
- Follow-Ups:
- Re: Audit file/folder access
- From: Hugo
- Re: Audit file/folder access
- References:
- Audit file/folder access
- From: Hugo
- Audit file/folder access
- Prev by Date: Re: Difficult password situation
- Next by Date: Re: Audit file/folder access
- Previous by thread: Audit file/folder access
- Next by thread: Re: Audit file/folder access
- Index(es):
Relevant Pages
|
