Re: Success Audit (about 50/minute!)

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/10/02


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 10 Dec 2002 14:37:34 -0500

You want to change your auditing settings to not audit so many successes.
You do have to be careful what you enable auditing on. If these are
successful file accesses being audited, then you can remove file success
access auditing by right-clicking on the files or folders and selecting
Properties, Security, Advanced, Auditing.

http://securityadmin.info/faq.htm#auditing

"Max Harvey" <it@smc.ac.nz> wrote in message
news:008001c2a082$5cc4cff0$d7f82ecf@TK2MSFTNGXA14...
> Hi,
> Whenever my laptop (WinXP Pro) is connected to our
> network, I get a Success Audit entry in the security log
> every second or so. This means that after not too long the
> log is filled up, and next time I log on I have to log on
> as the administrator and wipe the log.
>
> This means I don't notice more important entries, and it
> is also a pain logging in as the admin, just so I can then
> log in as a user.
>
> I can't get to the help page directly from the log viewer,
> as it doesn't recognise my connection to the internet
> (though I-explorer does).
>
> The info it was going to report to MS, if it was able to,
> is listed below... anybody have any clue where my
> configuration is wrong?
>
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Object Access
> Event ID: 560
> Date: 10/12/2002
> Time: 10:50:49 a.m.
> User: ANDROMEDA\Administrator
> Computer: ANDROMEDA
> Description:
> Object Open:
> Object Server: Security
> Object Type: File
> Object Name: \Device\{7947E165-40CB-4D56-B251-
> 90412566123D}
> Handle ID: 432
> Operation ID: {0,264074}
> Process ID: 1148
> Image File Name: C:\WINDOWS\explorer.exe
> Primary User Name: Administrator
> Primary Domain: ANDROMEDA
> Primary Logon ID: (0x0,0x26B28)
> Client User Name: -
> Client Domain: -
> Client Logon ID: -
> Accesses: READ_CONTROL
> SYNCHRONIZE
> ReadData (or ListDirectory)
> WriteData (or AddFile)
> AppendData (or AddSubdirectory or
> CreatePipeInstance)
> ReadEA
> WriteEA
> ReadAttributes
> WriteAttributes
>
> Privileges: -
> Restricted Sid Count: 0
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
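
To find where file success auditing is actually set before removing it through Properties, Security, Advanced, Auditing, the folder tree can be scanned for explicit Success audit entries. This is an added example, not part of the original thread; it assumes Windows PowerShell 3.0 or later and an elevated prompt, and `C:\Data` is a placeholder path.

```powershell
# Added example: report explicit Success audit entries (SACL ACEs) under a folder.
# Reading a SACL requires the "Manage auditing and security log" right
# (SeSecurityPrivilege), so run this from an elevated prompt.
param(
    [string]$Root = 'C:\Data'   # assumption: placeholder, set to the tree to inspect
)

# The root itself plus everything below it, including hidden items
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$report = foreach ($item in $items) {
    try {
        # -Audit asks for the SACL in addition to the owner and DACL
        $acl = Get-Acl -LiteralPath $item.FullName -Audit -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read SACL on $($item.FullName): $($_.Exception.Message)"
        continue
    }
    foreach ($rule in $acl.Audit) {
        # Keep entries that log successes and are set directly on this object;
        # inherited entries are reported once, at the parent that defines them.
        $success = $rule.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Success
        if ($success -and -not $rule.IsInherited) {
            [pscustomobject]@{
                Path     = $item.FullName
                Identity = $rule.IdentityReference
                Rights   = $rule.FileSystemRights
                Flags    = $rule.AuditFlags
                Inherit  = $rule.InheritanceFlags
            }
        }
    }
}

$report | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Entries with broad rights for a broad identity (for example Everyone with full control, Success) near the top of a tree are the usual source of a flood of Object Access successes, since every child inherits them.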


