Auditing.. We all love it...

From: "Drumgod" <Drumgod@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Apr 2005 06:08:04 -0700

All,

I am working at a government site. The security here is really high. I have
to enable auditing for the entire %SystemDrive% on each workstation. That's
the easy part.

I have the auditing configured using a GPO Computer Configurations | Windows
Settings | Security Settings | File System. I have setup a standard set of
NTFS permissions, and I have applied auditing to the entire drive using this
GPO. Now, when I view my security log file I have WAY TOO MANY 'SYSTESM'
audits for object access. Now, object access is what Im trying to audit for
all users, but not for the system. Im mean, who really cares what the system
is doing...

So my question is , how to I audit object access for all users and omit the
system activites from being audited. ???

I have auditing setup to audit anyone in the authenticated users group. If I
change this to say, domain users, will the system object access events leave
my secuirty log?????

Any ideas??? (BTW, Auditing SUCKS!)

Drum on .. .. . . .
.

Follow-Ups:
- Re: Auditing.. We all love it...
  - From: Ryan Hanisco
- Re: Auditing.. We all love it...
  - From: Simon Geary

Prev by Date: Re: can't get clock to come up
Next by Date: RE: Group Policy XP Firewall
Previous by thread: import GPO's from W2k3 domain into W2k domain?
Next by thread: Re: Auditing.. We all love it...
Index(es):
- Date
- Thread

Relevant Pages

Re: auditing
... Enable auditing of account management will log the creation and changes to ... You can audit Directory Service access to audit OU's. ... This security setting determines whether to audit each event of account ... For specific instructions about how to configure auditing policy settings, ...
(microsoft.public.win2000.active_directory)
HELP - File Auditing
... not automatically trigger any new "object access" audit ... individual objects for audit events to be logged. ... To enable auditing on a file/directory do the following: ... GPEDIT.msc in that server, ...
(microsoft.public.win2000.security)
Re: Auditing.. We all love it...
... The security here is really high. ... > to enable auditing for the entire %SystemDrive% on each workstation. ... object access is what Im trying to audit ...
(microsoft.public.win2000.group_policy)
Re: Cannot see audit events in security log
... If auditing of object access for success and failure has been enabled in the ... Local Security Policy on that computer and auditing has been ... should be recorded in the security log after trying to access the folder as ...
(microsoft.public.win2000.security)
Re: XPP on Domain - can I make Directories private - even from Admin?
... You must enable Auditing for the machine. ... You must specify what to audit. ... Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box. ...
(microsoft.public.windowsxp.general)