Auditing Policy

Posted on 2004-11-19
Last Modified: 2010-04-14
Good Day,

I have turned on Auditing for the everyone group on a specific file on a server. The right is list folder/read data and failed is checked. I then go to events viewer, security and i see failures from users who have access to the specific folder. Here is the data that  I get. I go to the user in question and i ask whether she got any errors connecting to the folder. The answer is no. I would like to monitor just the failures on a specific do i do this. And what does the below Security event viewer mean?



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            11/19/2004
Time:            3:45:48 PM
User:            x\PAREx_D_XP$
Computer:      frt2df00
Object Open:
       Object Server:      Security
       Object Type:      File
       Object Name:      \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\\CA\HO\Accounting\Data\GRabais\Rabais et Promo\RABAIS USA\MAWDI\OCTOBER 2004\APPENDIX_Carole P..xls~RF166b597.TMP
       New Handle ID:      -
       Operation ID:      {0,1704898271}
       Process ID:      8
       Primary User Name:      frt2df00$
       Primary Domain:      USI
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      PAREx_D_XP$
       Client Domain:      USI
       Client Logon ID:      (0x0,0x659E8F5E)
       Accesses            READ_CONTROL
                  ReadData (or ListDirectory)
       Privileges            -
Question by:Tacobell2000
    1 Comment
    LVL 11

    Accepted Solution

    This may explain why you are getting these failure audits:

    To audit only failures, when you selected the everyone group, select only Failure instead of Success for that specific file.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
    This video discusses moving either the default database or any database to a new volume.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now