audit object access

C

CEDRIC

I trie to audit access for security change on directories
I'm explain when on a W2K server i check the box Success
for audit object access on Local security policies lot of
error 560 and 562 appear for the user NT AUTHORITY\SYSTEM
but i want only trace in eventlog successful access of
users.

PS: Sorry for my english
 
S

Steven L Umbach

Enabling auditing of object access will generate a lot of "system" events that are
related to the actual event you wish to capture. I suggest that you audit a absolute
minimum of number of permission accesses to get the job done and a minimum number of
users. Avoid using everybody group as group to audit. You can use filtering in Event
Viewer to help pinpoint certain events. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Change in Security Account Manager 2
Object access 2
Audit Policy 4
Event ID for changing Inheritance of object permissions 6
Audit Account Logon Events 3
File Auditing 2
enable folder audit causes a lot of events 560 562 1
SAM events 1

Top