Auditing

  • Thread starter Thread starter Peretz Stern
  • Start date Start date
P

Peretz Stern

I placed an audit on delete successful/unsuccessful on a folder recently. I
noticed that a few days later it was tampered with. I looked in my event
logs and didn't seem to find anything did I miss it or is it in another
place? any help is appreciated.
 
You need to enable auditing of object access first before folder auditing
will work. You need to do that in the appropriate security policy - local,
domain, or OU for the computer. Usually Local Security Policy will work
[secpol.msc] unless this is a domain controller in which case use Domain
Controller security Policy. After doing such you should start seeing Event
ID's 560 and 562 in the security log. Be sure to increase the size of the
security log quite a bit to sat around 10MB. The link below may help. ---
Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;300549
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User auditing 2
Allen Brown's audit log code "insert" problem 0
Moved folder auditing 2
windows xp pro auditing object access 1
Auditing 1
Audit Policy 4
File Auditing Question 3
How to Audit "Access to File and Folder" on Shared Folder 1

Back
Top