gopher_49
asked on
file audit question
My goal is to have a failed security log to post in the event viewer when someone tries to access a folder or file they do not have access to. I enabled 'failed' file audits for the 'everyone' group. I set the option 'List/Folder Read Data'. Shouldn't this simply place an entry in my security log when someone is denied access to a folder or file? I'm getting all kind of failed security logs when people are successfully accessing files. Why is it logging successful attempts to files and folders?
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i mean enable auditing (object access, account access etc) in group policy
ASKER