General discussion

Locked

Too Many Auditing Entries!

By Ruski ·
I enabled object access auditing in Windows 2000 Server, both success and failure, for a single folder. I then opened that folder and opened a single document in that folder. When I checked Security Event log, I discovered that there were 146 entries for this single instance. If this is typical, then event logs are of little value. Did I do something wrong?

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Too Many Auditing Entries!

by mgonzales In reply to Too Many Auditing Entries ...

This is typical if alot of people access this folder. If you want to look for something specific use filters.

Mike

Collapse -

Too Many Auditing Entries!

by Ruski In reply to Too Many Auditing Entries ...

Unfortunately, the folder was only accessed by me, and only once.

Collapse -

Too Many Auditing Entries!

by cportman In reply to Too Many Auditing Entries ...

Two steps to enable auditing

Edit the security policy to audit object access for both sucess and failure.

reboot or run secedit /refresh_policy localmachine

Then go to the folder - properties - security - advanced - auditing

see if all the boxes are checked, possibly uncheck unneeded options.

Collapse -

Too Many Auditing Entries!

by Ruski In reply to Too Many Auditing Entries ...

I made sure that only the "list folder/read data" box was checked, and I still got over 50 entries when I simply opened the folder and did nothing else.

Collapse -

Too Many Auditing Entries!

by cportman In reply to Too Many Auditing Entries ...

Two steps to enable auditing

Edit the security policy to audit object access for both sucess and failure.

reboot or run secedit /refresh_policy localmachine

Then go to the folder - properties - security - advanced - auditing

see if all the boxes are checked, possibly uncheck unneeded options.

Collapse -

Too Many Auditing Entries!

by Ruski In reply to Too Many Auditing Entries ...

I made sure that only the "list folder/read data" box was checked, and I still got over 50 entries when I simply opened the folder and did nothing else.

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums