Windows 2000 server Auditing problem with existing directories/shares
Posted on 2002-03-09
Ok stay with me on this one :)
I am running Windows 2000 Server. I've turned on file/folder auditing for the domain policy (Active
Directory); I turned it on after creating my directories/shares, from what I can recall. Service Pack
2 is applied, and all critical updates are applied. The problem is that when I want to turn on auditing on my
current shared objects (folders, files), nothing shows up in the security log. Now, if it were only
that, I'd say I missed a step. I've checked and double-checked every option; everything is fine except
it won't show up.
Now the funny thing is I tried creating a new directory and share. I put the same settings, and this
time it audits everything like it should. If I delete the shared directory, remove all the files, reboot,
recreate it and reapply permissions, it won't work if it's the same name as before. This is really
weird since it works on anything new I create.
One strange thing I've noticed though is that when I recreated the directory (which was deleted and
I've rebooted since then) and go in security->advanced->audit, the previous objects are still there
and active. Is this a bug or me doing something really nasty? Normally when you delete something,
it's supposed to be, erm... deleted, no?
Like I said, the auditing works fine when creating new directories... so it's really on the existing
items that I am having a hard time and I don't want to create new names, I want to solve this problem.
200 points for this one if I get a solution that fixes the problem, not one that works around it.
Thanks for anyone's input.