G
Gray
I've configured auditing and for some reason I'm only
seeing 560 events. Has anyone seen this before?
Settings:
NTFS:
Properties>security>advanced>Auditing tab
Everyone & domain users configured to audit all access
(pass and fail) for the directory.
Local secuirty policy:audit object access set to audit
success and failure.
Domain GPO: set to audit success and failure for object
access.
The only events in the event log are the 560 events.
Other events such as
561:audited object opened
562:audited object closed
etc... are not reported even though I've accessed the
objects using accounts with (and without) permissions.
thanks
seeing 560 events. Has anyone seen this before?
Settings:
NTFS:
Properties>security>advanced>Auditing tab
Everyone & domain users configured to audit all access
(pass and fail) for the directory.
Local secuirty policy:audit object access set to audit
success and failure.
Domain GPO: set to audit success and failure for object
access.
The only events in the event log are the 560 events.
Other events such as
561:audited object opened
562:audited object closed
etc... are not reported even though I've accessed the
objects using accounts with (and without) permissions.
thanks