G
Guest
I have turned on object access auditing for 'Success' and 'Failure' in the local security policy on a Windows 2000 SP3 file server. In addition I have configured auditing on a particular folder on the file server to audit only certain success and failure events. After doing so I have noticed hundreds of 'object access' security events (event id 560) are logged by the System account in the security log. The volume of event id 560's is so great it fills my 20MB security log in a matter of a few hours!
Audit setting are as follows:
Policy Local Setting Effective Setting
Audit account logon events Success, Failure Success, Failure
Audit account management Failure Failure
Audit directory service access No auditing No auditing
Audit logon events Success, Failure Success, Failure
Audit object access Success, Failure Success, Failure
Audit policy change Success, Failure Success, Failure
Audit privilege use Success, Failure Success, Failure
Audit process tracking Failure Failure
Audit system events Success, Failure Success, Failure
Is there any way I can prevent the logging of 'object access' security events by the System Account?
Audit setting are as follows:
Policy Local Setting Effective Setting
Audit account logon events Success, Failure Success, Failure
Audit account management Failure Failure
Audit directory service access No auditing No auditing
Audit logon events Success, Failure Success, Failure
Audit object access Success, Failure Success, Failure
Audit policy change Success, Failure Success, Failure
Audit privilege use Success, Failure Success, Failure
Audit process tracking Failure Failure
Audit system events Success, Failure Success, Failure
Is there any way I can prevent the logging of 'object access' security events by the System Account?