[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 242
  • Last Modified:

Auditing Policy

Good Day,

I have turned on Auditing for the everyone group on a specific file on a server. The right is list folder/read data and failed is checked. I then go to events viewer, security and i see failures from users who have access to the specific folder. Here is the data that  I get. I go to the user in question and i ask whether she got any errors connecting to the folder. The answer is no. I would like to monitor just the failures on a specific folder....how do i do this. And what does the below Security event viewer mean?



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            11/19/2004
Time:            3:45:48 PM
User:            x\PAREx_D_XP$
Computer:      frt2df00
Object Open:
       Object Server:      Security
       Object Type:      File
       Object Name:      \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Usi.com\CA\HO\Accounting\Data\GRabais\Rabais et Promo\RABAIS USA\MAWDI\OCTOBER 2004\APPENDIX_Carole P..xls~RF166b597.TMP
       New Handle ID:      -
       Operation ID:      {0,1704898271}
       Process ID:      8
       Primary User Name:      frt2df00$
       Primary Domain:      USI
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      PAREx_D_XP$
       Client Domain:      USI
       Client Logon ID:      (0x0,0x659E8F5E)
       Accesses            READ_CONTROL
                  ReadData (or ListDirectory)
       Privileges            -
1 Solution
This may explain why you are getting these failure audits:


To audit only failures, when you selected the everyone group, select only Failure instead of Success for that specific file.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now