P
patrick
On Windows 2000 Server with SP4,
I have
1) set up for C:\ D:\ file auditing for Everyone for file delete/write.
2) On Security Policy, set Audit of Object Access to Success and Failure
Observation
1) Even though I have NOT selected under file/directory properties->Audit->
audiiting of successful file read (without write), object handle open/close
of any files are audited when Security Policy is set to audit *successful*
object access-> I don't want to audit absolutely every single file
access!!!!
2) When Audit Policy is set to only audit Failure to object access, then no
successful file deletes/writes are audited at all!!
I have
1) set up for C:\ D:\ file auditing for Everyone for file delete/write.
2) On Security Policy, set Audit of Object Access to Success and Failure
Observation
1) Even though I have NOT selected under file/directory properties->Audit->
audiiting of successful file read (without write), object handle open/close
of any files are audited when Security Policy is set to audit *successful*
object access-> I don't want to audit absolutely every single file
access!!!!
2) When Audit Policy is set to only audit Failure to object access, then no
successful file deletes/writes are audited at all!!