E
Edy Werder
Dear all,
I try to audit a folder and its subdirectory for deletion.
The folder is located on a domain controller. I understand I have
first to enable in local security policy, audit policy, audit object
access. After that I go to Windows Explorer, select the folder, right
click it, poperties, security, advanced, auditing, add.
The result I see in the event viewer under security. Basicalyl it
works, but I see a lot of other activity for registry keys, mmc.exe as
soon as I have activate the policy. Is that normal? It quickly files
the audit log. All I want to see there is entries for auditing the
folder.
Best regards
Edy
I try to audit a folder and its subdirectory for deletion.
The folder is located on a domain controller. I understand I have
first to enable in local security policy, audit policy, audit object
access. After that I go to Windows Explorer, select the folder, right
click it, poperties, security, advanced, auditing, add.
The result I see in the event viewer under security. Basicalyl it
works, but I see a lot of other activity for registry keys, mmc.exe as
soon as I have activate the policy. Is that normal? It quickly files
the audit log. All I want to see there is entries for auditing the
folder.
Best regards
Edy