G
Guest
In our production environment, we seem to have a number of applications which
continually generate 577 Event IDs. For this case, KBID 831905 suggests
either fixing the app, installing SP2 or turning off auditing for Privilege
Use.
We are presently in the middle of our SP2 rollout project, but need a
solution asap. As these events seem to be created by one or two of our LOB
apps, there is little chance of solving this on the app side. I am therfore
considering turning off the auditing for Privilege Use.
In various presentations from TechEd and IT Forum, the audtiting of
Privilege Use is shown as "not recommended". On the other hand the XP
Security Guide and various other MS docs recommend to turn on Failure
Auditing for this point. I find this confusing. Therefore the following
question:
If I turn off Failure (asn Success) Auditing for Privilege Use, what am I
going to miss, and of what _real_ use are those events (especially as we
don't have the source code to the apps causing the problem.)
TIA,
Oliver
continually generate 577 Event IDs. For this case, KBID 831905 suggests
either fixing the app, installing SP2 or turning off auditing for Privilege
Use.
We are presently in the middle of our SP2 rollout project, but need a
solution asap. As these events seem to be created by one or two of our LOB
apps, there is little chance of solving this on the app side. I am therfore
considering turning off the auditing for Privilege Use.
In various presentations from TechEd and IT Forum, the audtiting of
Privilege Use is shown as "not recommended". On the other hand the XP
Security Guide and various other MS docs recommend to turn on Failure
Auditing for this point. I find this confusing. Therefore the following
question:
If I turn off Failure (asn Success) Auditing for Privilege Use, what am I
going to miss, and of what _real_ use are those events (especially as we
don't have the source code to the apps causing the problem.)
TIA,
Oliver