Re: Audit file/folder access



Hi Johan!

First, thank you for your time!

For the folder I want to audit, I use a more restrictive group than
Everyone, so I have only a specified group of users to be audited...

My problem is that before adding any audit using NTFS security, many, many
log entries appear in the Event Log... I don't want those entries...

Any idea?

"Johan Engdahl" <johan@xxxxxxxxxxxx> wrote in message news:
OlLUj2sTHHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
You choose which file or folder you wish to audit and, using the NTFS Security
tab, Auditing tab, choose for Everyone what to audit. Unfortunately the
System account is also included in Everyone, so you won't get rid of those
entries.

--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu

"Hugo" <hugorobichrg@xxxxxxxxxxxxxx> wrote in message
news:uKaUI3rTHHA.3980@xxxxxxxxxxxxxxxxxxxxxxx
Hi everyone!

I activated "Audit Object Access" with "Success and Failure" in a GPO for
one of my servers. Without configuring any file/folder for audit (or any
other objects), my Security Event Log is filling up with file access events
(normal user and System) for file access on the C: and D: drives and registry
access for the System user!!!

What can I do to not have those events in my event log?

I want to monitor only one directory on the D: drive...

Any idea?

Thank you!

Hugo

PS: Sorry for my bad English, I'm French-speaking!
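
Added example, not part of the original thread or written by its posters: a PowerShell equivalent of the Security tab / Auditing tab steps discussed above, which first lists the audit entries (SACL) already present on the folder and then adds one entry scoped to a single group instead of Everyone. The folder path, the group name and the choice of audited rights are assumptions made for illustration.

```powershell
# Added example. Run from an elevated session: reading or writing a SACL
# requires the "Manage auditing and security log" privilege.
# $Folder and $Group are placeholder values, not taken from the thread.
$Folder = 'D:\AuditedFolder'
$Group  = 'EXAMPLE\AuditedUsers'

# -Audit is required; without it Get-Acl returns no audit entries at all.
$acl = Get-Acl -Path $Folder -Audit

# List what is already audited on this folder, explicit and inherited,
# to see which entries could be producing events before anything is changed.
$acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize

# One audit entry for the restricted group (assumed rights: writes, deletes
# and permission changes), applied to the folder, its subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Group, $rights, $inherit, $prop, $flags)

# AddAuditRule merges with existing entries for the same principal.
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Confirm the explicit (non-inherited) entries now on the folder.
(Get-Acl -Path $Folder -Audit).GetAuditRules($true, $false,
    [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize
```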




