Re: Auditing.. We all love it...
- From: "Simon Geary" <simon_geary@xxxxxxxxxxx>
- Date: Thu, 28 Apr 2005 21:18:46 +0100
There are a lot of 3rd party products out there that do a better job of
collating security event logs, sounds like one might be useful for you.
These typically allow you to filter out the garbage you don't want to see
and lets you check logs from several servers from the one console. e.g.
http://www.gfi.com/lanselm/
"Drumgod" <Drumgod@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DF18B7ED-1663-4A30-A312-818EFB6F55E3@xxxxxxxxxxxxxxxx
> All,
>
> I am working at a government site. The security here is really high. I
> have
> to enable auditing for the entire %SystemDrive% on each workstation.
> That's
> the easy part.
>
> I have the auditing configured using a GPO Computer Configurations |
> Windows
> Settings | Security Settings | File System. I have setup a standard set of
> NTFS permissions, and I have applied auditing to the entire drive using
> this
> GPO. Now, when I view my security log file I have WAY TOO MANY 'SYSTESM'
> audits for object access. Now, object access is what Im trying to audit
> for
> all users, but not for the system. Im mean, who really cares what the
> system
> is doing...
>
> So my question is , how to I audit object access for all users and omit
> the
> system activites from being audited. ???
>
> I have auditing setup to audit anyone in the authenticated users group. If
> I
> change this to say, domain users, will the system object access events
> leave
> my secuirty log?????
>
> Any ideas??? (BTW, Auditing SUCKS!)
>
> Drum on .. .. . . .
.
- References:
- Auditing.. We all love it...
- From: Drumgod
- Auditing.. We all love it...
- Prev by Date: Folder redirection problem!!!!
- Next by Date: Re: Account Policies do not appear to apply
- Previous by thread: Auditing.. We all love it...
- Next by thread: Re: Auditing.. We all love it...
- Index(es):
Relevant Pages
|
