Re: why so many Success Audit entries in Security Log?
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Wed, 2 Aug 2006 15:05:30 -0700
Agreed, and it so easy to filter out the success and informational entrees
when routinely reviewing the log files.
If you turn off success audits, then you can't ever view them if you need to
later.
--
/kj
"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e50zQOntGHA.1536@xxxxxxxxxxxxxxxxxxxxxxx
The default auditing policies in SBS are set to the recommended auditing
level for maximum security. I would certainly never advise anyone to
lower their security settings from the recommended configuration.
That said, I only monitor success for account management and policy
change. If someone were to go against my best security-oriented advice and
change their own settings, they would do it by editing the Small Business
Server Auditing Policy. Specifically, you'd change it under Computer
Configuration -> Windows Settings -> Security Settings -> Local
Policies -> Audit Policy. At any time you change a group policy,
especially one relating to security, I recommend carefully documenting
that change in case you later want to undo it.
"Jerome" <foo@xxxxxxx> wrote in message
news:eYllgCntGHA.4928@xxxxxxxxxxxxxxxxxxxxxxx
It looks like there's an entry in the Security Event Viewer every couple
seconds throughout the day. Why so much "no problem" activity?
.
- References:
- why so many Success Audit entries in Security Log?
- From: Jerome
- Re: why so many Success Audit entries in Security Log?
- From: Dave Nickason [SBS MVP]
- why so many Success Audit entries in Security Log?
- Prev by Date: Re: Sender ID Filtering vs. SBS Fax Server
- Next by Date: Re: ADSL modem connexion from SBS 2003 server
- Previous by thread: Re: why so many Success Audit entries in Security Log?
- Next by thread: Re: Exchange outbout Queue's??
- Index(es):
Relevant Pages
|
|
