Windows Server - Auditing logs

Asked By yaro137

15-Jan-10 11:59 AM

Is there a way to run audit only on a specified folder rather than
getting your logs jammed with billions of unwanted Object Access
events? (SBS2k3)
yaro

Windows Server SBS Discussions

HatoureThanks
(1)

Audits
(1)

Yaro
(1)

Cliff Galiher - MVP replied to yaro137

15-Jan-10 11:20 AM

Turning on file auditing is actually a two step process.

First you turn it on with a security policy (local or group policy) but that
actually only turns on the functionality, it does not turn on the logging
itself.  So that is an all or nothing situation.

Then, on a per-file or per-folder basis, you enable the actual auditing you
want to perform on a per-user and per-action basis.

Folder->properties->security tab->advanced->auditing tab->add ...from there
I think you will figure it out...   :)

-Cliff

yaro137 replied to Cliff Galiher - MVP

18-Jan-10 07:26 AM

hat
ou
re

Thanks Cliff. The problem is that after turning the policy on it
starts logging Object Access straight away without
waiting for me to choose folders I want to audit. It audits various
things like stuff to do with AD and Exchange which I do not really want
to see.
yaro

Cliff Galiher - MVP replied to yaro137

18-Jan-10 11:18 AM

If you just want to monitor file access then turn OFF object access
auditing.  "Objects" do not mean what you think they mean in this particular
instance.

-Cliff

Previous Discussion: WD SES Device USB Device

Process ID history Windows Server

point me to what process with a particular PID was running at a particular time? yaro Windows Server Security Discussions Successes (1) Audits (1) Yaro (1) I think you would need to have audit process tracking enabled to do this whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when the process being tracked succeeds. Failure audits generate an audit entry when the process being tracked fails. To set this value to point me to what process with a particular PID was running at a particular time yaro?

Advanced Network Connection Settings Windows Server

XP and Vista it was not a problem. In 7 I just cannot see that. yaro Windows Server Discussions Vista (1) XP (1) Alt (1) Lookaround (1) Yaro (1) Hi Yaro, you are in Server newsgroup, but I am on Win 7 and did a lookaround got to love those UI designers. Well, I just love them ;) Thanks for your help. yaro keywords: Advanced, Network, Connection, Settings description: Where do I find them In XP and Vista it was not a problem. In 7 I just cannot see that. yaro?

success audits 680 - lots Windows Server

success audits 680 - lots Windows Server I am getting tons of success audits in my log everything seems to be working fine, but my security log file is xxxxx Error Code: 0x0 Windows Server Discussions MICROSOFT_AUTHENTICATION_PACKAGE_V (1) Policy (1) Domain (1) Controller (1) Audits (1) Workstation (1) Disclaimer (1) Check (1) Hello sue, Check the domain controller policy or This posting is provided "AS IS" with no warranties, and confers no rights. keywords: success, audits, 680, -, lots description: I am getting tons of success audits in my log everything seems to be working fine, but my security log file is