Why does enable audit on SINGLE user FOLDER generate SO many log entries including ones that related to system files ?
Windows 2003 server file access audit
That is normal, unfortuante but normal. When a machine opens a file there may be several hooks into the file to handle different things. Each one of these is recorded in the audit log.
Only on Server 2008 or later
----------------------------------
File Auditing Server 2008 R2
I think the issue could be that he is using the basic "Local Policies \ Audit Policy -> Audit Object Access" settings. If you, instead, configure the "Advanced Audit Policy Configuration \ System Audit Policies \ Object Access -> Audit Files System OR Audit File Share" you might have better luck. I had the same issue and then I realized that the later is the better option and it seems to work. Don't configure both, just the "Advanced Audit Policy Configuration"
---
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment