Re: Auditing object access

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/09/04 

Date: Mon, 09 Aug 2004 17:25:56 GMT

Local Security Policy will be overridden by Domain/OU/or Domain Controller Security
Policy [for domain controllers only] as shown by effective permissions being
different that local.

Enabling auditing on folders will generate tons of events. To minimize the events,
audit the bare number of needed folders, for the bare number of needed users, and for
the bare number of needed permissions. Avoid auditing the everyone/users group, using
a specific group instead, and audit only what permission you want to track. If you
simply want to see who accessed a file just audit the read permission. If you want to
see who deletes a file, just audit the delete permission. -- Steve

"Aatmaram" <aatmaram{removethis}@hotmail.com> wrote in message
news:249b01c47de4$39dae9c0$a301280a@phx.gbl...
> dear all, i want to enable auditing for file/folder on
> win2k server (win2k server is acting as a domain
> controller and i kept our data on shared volumes on this
> server). now what i did is: local security policy doesnt
> work on DC so i enabled "object access - SUCCESS/FAILURE"
> found uder DOMAIN CONTROLLER SECURITY POLICY and enabled
> auditing on one folder (read, write and delete auditing)
> for test purpose but the problem here is that it is
> generating thousand of security logs (event ID 560 & 562)
> within 10 mins. I disabled doamin controller security
> policy and enable group policy found under AD USERS &
> COMPUTERS but found the same result. one more thing that
> effective policy on local security policy is changing
> according to the group policy so where m i doing wrong ?
>

Relevant Pages

  • Re: Detail display for audit policy
    ... manipulating with security such as Scriptlogic's Security Explorer ... are talking about auditing I would suggest using Active Administrator ... If I want to audit the user permission. ... auditing through Group Policy, you can enable it in each server's Local ...
    (microsoft.public.windows.server.security)
  • Re: Who last saved a file?
    ... Turn on Audit Policy thru either: ... Local Security Policy - on each file server or ... Set auditing on partcicular folder. ...
    (microsoft.public.windows.server.general)
  • Re: Auditing on a member server
    ... Look in Local Security Policy to make sure that it shows ... auditing is enabled as you expect. ...
    (microsoft.public.windows.server.security)
  • RE: Users are not authorized for remote login
    ... granted permission to connect to the server. ... the administrators group and Remote Desktop Users group have ... To connect to terminal server properly, users need to be granted the "Allow ... have higher priority and will override the configuration of local policy. ...
    (microsoft.public.windows.terminal_services)
  • RE: Users are not authorized for remote login
    ... granted permission to connect to the server. ... the administrators group and Remote Desktop Users group have ... To connect to terminal server properly, users need to be granted the "Allow ... have higher priority and will override the configuration of local policy. ...
    (microsoft.public.windows.terminal_services)
Quantcast