• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 302
  • Last Modified:

Minimize or turn off Auditing Services

Hi!
I believe this cannot be a very complicated config.

Security logs in my Event Viewer is constantly logging activities (in fact every second). Although, they are all good events and nothing to do with errors. I would like to turn this off or streamline it such that it is at bare minimum. It is an overkill to log something every second.

BTW - I am running Windows Small Business Server.

yaj
0
yajesh
Asked:
yajesh
  • 5
  • 4
1 Solution
 
mrenosCommented:
You want to do that on the server or all pc's that are in your domain ( i presume that you have an active directory )..?
0
 
yajeshAuthor Commented:
This system server is not part opf the domain. It is my play system and part of workgroup.

There is nobody connected or using this system other then my self logged in as an Administrator.

I'll be loading SQL Server Express 2005 and play with it.

yaj
0
 
mrenosCommented:
Ok. So do the following :
Start -> Run -> type GpEdit.msc and press enter.
Navigate to Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
From there Select or deselect what you want  to autiding.


Hope this helps..
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
yajeshAuthor Commented:
Hi! mrenos,

I was only able to change the settings for Account Logon Events from "Success" to "No Auditing"

The rest of them are selected but dimmed. Thgus, does not allow me to change. Yet I am logged in as an Administrator.

  Audit account logon events                 No auditing     <=========this was the only one I could change.
  Audit account management                 success
  Audit Directory Service Access             No auditing
  Audit logon events                              success, failure
  Audit object access                             No auditing
  Audit policy change                             success
  Audit privilege use                             No auditing
  Audit process tracking                        No auditing
  Audit system events                           success

As a play toy I would prefer not to audit anything. Instead those that show success are dimmed with checkbox selected.

yaj
0
 
mrenosCommented:
If you go with Right click on My Computer -> Properties -> Computer Name -> Change -> In that tab do you see Domain or Workgroup enabled ?
Because it cannot be disabled if you don't have any policies applied on that computer.

Sorry for making that question, but i need to know..:)
0
 
yajeshAuthor Commented:
Hi!
I just check it. U R Correct.

I see domain enabled but dimmed and does not let me change.
Workgroup is not enabled.

When I selecetd "Change" I saw a pop-up with a long message string.............
"Domain Controller cannot be moved from one Domain to the other.

Full Computer name is  nd-win2k3.sbs.local

Yaj


0
 
mrenosCommented:
So you have an active directory there.
What you have to do is this..

Start ->All Programs -> Administrative Tools -> Group Policy Management and see is there is a GPO there enabled.
Do you know what GPO is, right ?

In that GPO Right Click on it and select edit -> go into Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy and change from there everything you need..:)

Hope this solves your problem..
0
 
yajeshAuthor Commented:
Hi! mrenos

Just got around checking your response.

I followed exactly the steps as you suggested. The list of items I saw was almost the same as mentioned before and they are all originally set to "Not Defined". I have not touched anything.

yaj
0
 
mrenosCommented:
Ok, so the policies are that effecting the computer's auditing.
Now from that panel, for each one of those settings, check the Define these policy settings and check if you want anything you need to audit ( Success or Failiure ).

Babs,
Hope this helps..
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now