"Audit Object Access" floods the Security Log - Why?

Posted on 2007-07-31
Last Modified: 2010-03-05
Greetings -

I want to audit when any users read or write to a specific folder.  I opened up my Local Security Policy editor and enabled both Success and Failure for the "Audit Object Access" setting.

Now I *DID NOT* go enable auditing on the folder I'm interested in yet!  I simply went into the Security Log and found thousands of entries for the SYSTEM account accessing objects.  The log was flooded within minutes and kept growing and growing.

What's going on here?  Shouldn't I have to turn on auditing for a specific object (i.e. a folder) before anything gets audited?

What is the system looking at here...???  Thoughts?
Question by:amendala
    LVL 9

    Expert Comment

    Auditing is a system specific setting.  You will need to dig through the results in Event Viewer in the Security Log.  

    LVL 23

    Expert Comment

    Thought you said on your first paragraph "opened up my Local Security Policy editor and enabled both Success and Failure for the "Audit Object Access" setting"??

    Anyway, you now have a feel of how auditing works :) If you audit on successful access you will have tons of records in your log - each successful access has 2 records one for open and one for close.
    LVL 9

    Accepted Solution

    By the way there are many tools that you can use to sift your Event Security Logs and generate reports.  

    We use Event Analyst.

    But there are others that are free ware.  Just Google "Event Log Reporting" to find them.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Several part series to implement Internet Explorer 11 Enterprise Mode
    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now