<div>
Auditing is a system specific setting. &nbsp;You will need to dig through the results in Event Viewer in the Security Log. &nbsp; <br />
<br />

</div>


Auditing is a system specific setting.  You will need to dig through the results in Event Viewer in the Security Log.  



<div>
Thought you said on your first paragraph &quot;opened up my Local Security Policy editor and enabled both Success and Failure for the &quot;Audit Object Access&quot; setting&quot;??<br />
<br />
Anyway, you now have a feel of how auditing works :) If you audit on successful access you will have tons of records in your log - each successful access has 2 records one for open and one for close.
</div>


Thought you said on your first paragraph "opened up my Local Security Policy editor and enabled both Success and Failure for the "Audit Object Access" setting"??

Anyway, you now have a feel of how auditing works :) If you audit on successful access you will have tons of records in your log - each successful access has 2 records one for open and one for close.

<div>
<div class="content wysiwyg-content">
Greetings -<br />
<br />
I want to audit when any users read or write to a specific folder. &nbsp;I opened up my Local Security Policy editor and enabled both Success and Failure for the &quot;Audit Object Access&quot; setting.<br />
<br />
Now I *DID NOT* go enable auditing on the folder I'm interested in yet! &nbsp;I simply went into the Security Log and found thousands of entries for the SYSTEM account accessing objects. &nbsp;The log was flooded within minutes and kept growing and growing.<br />
<br />
What's going on here? &nbsp;Shouldn't I have to turn on auditing for a specific object (i.e. a folder) before anything gets audited?<br />
<br />
What is the system looking at here...??? &nbsp;Thoughts?
</div>
</div>


Greetings -

I want to audit when any users read or write to a specific folder.  I opened up my Local Security Policy editor and enabled both Success and Failure for the "Audit Object Access" setting.

Now I *DID NOT* go enable auditing on the folder I'm interested in yet!  I simply went into the Security Log and found thousands of entries for the SYSTEM account accessing objects.  The log was flooded within minutes and kept growing and growing.

What's going on here?  Shouldn't I have to turn on auditing for a specific object (i.e. a folder) before anything gets audited?

What is the system looking at here...???  Thoughts?

&quot;Audit Object Access&quot; floods the Security Log - Why?

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

&quot;Audit Object Access&quot; floods the Security Log - Why?

"Audit Object Access" floods the Security Log - Why?