|
Posted by Roger Abell on July 13, 2005, 12:18 am
Please log in for more thread options Not only will it generate a large audit trail, but if the shared
areas are heavily used it will tend to bog down the I/O system.
One needs to keep in mind that for each access you will be
forcing other disk I/O to record the audited event.
If there is some data that must be audited for all accesses
then isolate this from other data so that data that does not
need such tight oversight is not included in the auditing.
--
Roger Abell
Microsoft MVP (Windows Security)
> The other posters did a great job explaining what to do but FYI auditing
> every file for every permissions for every user will generate a tremendous
> amount on object access events in the security log and I would suggest
that
> you increase it's size to at least 100MB. More than likely you will be
> overwhelmed with such events and it will be difficult to find useful
> information. Unless you are bound by regulations to do such you may want
to
> fine tune what folders/files you are auditing and only audit the bare
number
> of permissions needed to find the information that you need. You will find
> Event Comb from Microsoft helpful in searching the security log for events
> and text strings. --- Steve
>
> Comb
>
> > Hi to everyone,
> >
> > I need to audit any folders and files in a share drive. I want to know
> > when every users of the domain delete, open, create a file or folder.
> > My server is a w2003.
> >
> > Thank you
> >
> >
>
>
| 
XML Sitemap