Auditing logs

Asked By yaro137

15-Jan-10 11:59 AM

Is there a way to run audit only on a specified folder rather than
getting your logs jammed with billions of unwanted Object Access
events? (SBS2k3)
yaro

Turning on file auditing is actually a two step process.

Cliff Galiher - MVP replied to yaro137

15-Jan-10 11:20 AM

Turning on file auditing is actually a two step process.

First you turn it on with a security policy (local or group policy) but that
actually only turns on the functionality, it does not turn on the logging
itself.  So that is an all or nothing situation.

Then, on a per-file or per-folder basis, you enable the actual auditing you
want to perform on a per-user and per-action basis.

Folder->properties->security tab->advanced->auditing tab->add ...from there
I think you will figure it out...   :)

-Cliff

hatoureThanks Cliff.

yaro137 replied to Cliff Galiher - MVP

18-Jan-10 07:26 AM

hat
ou
re

Thanks Cliff. The problem is that after turning the policy on it
starts logging Object Access straight away without
waiting for me to choose folders I want to audit. It audits various
things like stuff to do with AD and Exchange which I do not really want
to see.
yaro

If you just want to monitor file access then turn OFF object accessauditing.

Cliff Galiher - MVP replied to yaro137

18-Jan-10 11:18 AM

If you just want to monitor file access then turn OFF object access
auditing.  "Objects" do not mean what you think they mean in this particular
instance.

-Cliff

Previous Discussion: WD SES Device USB Device