Auditing Policy

Good Day,

I have turned on Auditing for the everyone group on a specific file on a server. The right is list folder/read data and failed is checked. I then go to events viewer, security and i see failures from users who have access to the specific folder. Here is the data that  I get. I go to the user in question and i ask whether she got any errors connecting to the folder. The answer is no. I would like to monitor just the failures on a specific folder....how do i do this. And what does the below Security event viewer mean?

Thanks,

Tacobell2000

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            11/19/2004
Time:            3:45:48 PM
User:            x\PAREx_D_XP$
Computer:      frt2df00
Description:
Object Open:
       Object Server:      Security
       Object Type:      File
       Object Name:      \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Usi.com\CA\HO\Accounting\Data\GRabais\Rabais et Promo\RABAIS USA\MAWDI\OCTOBER 2004\APPENDIX_Carole P..xls~RF166b597.TMP
       New Handle ID:      -
       Operation ID:      {0,1704898271}
       Process ID:      8
       Primary User Name:      frt2df00$
       Primary Domain:      USI
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      PAREx_D_XP$
       Client Domain:      USI
       Client Logon ID:      (0x0,0x659E8F5E)
       Accesses            READ_CONTROL
                  ReadData (or ListDirectory)
                  ReadEA
                  ReadAttributes
                  
       Privileges            -
Tacobell2000Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cfairleyCommented:
This may explain why you are getting these failure audits:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ245630

To audit only failures, when you selected the everyone group, select only Failure instead of Success for that specific file.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.