<div>
is it anon? &nbsp;No, it's the user I am watching. &nbsp;he's loging on / loggging off the network many times within seconds. &nbsp;I know he's not actualy doing that - does a 538 / 540 get generated every time a file is accessed or some other activity?
</div>


is it anon?  No, it's the user I am watching.  he's loging on / loggging off the network many times within seconds.  I know he's not actualy doing that - does a 538 / 540 get generated every time a file is accessed or some other activity?

<div>
<div class="content wysiwyg-content">
on an SBS 2003 R2 box, the boss wanted me to monitor a folder to see if a specific employee was accessing the files overnight. &nbsp;I enabled auditing any actions for that folder. &nbsp;looking in the event log, I could see loads of opject access entries for those files during work hours.<br />
<br />
But I happened to notice on a day with no access to those files (not sure if he was out with the PC turned on or just didn't use those files), there's loads of logon / logoff envent 540 &amp;&nbsp;538s within seconds, starting at 4:52 and then ending at 4:55PM. &nbsp;any thoughts on why there were so many in that short span?
</div>
</div>


on an SBS 2003 R2 box, the boss wanted me to monitor a folder to see if a specific employee was accessing the files overnight.  I enabled auditing any actions for that folder.  looking in the event log, I could see loads of opject access entries for those files during work hours.

But I happened to notice on a day with no access to those files (not sure if he was out with the PC turned on or just didn't use those files), there's loads of logon / logoff envent 540 & 538s within seconds, starting at 4:52 and then ending at 4:55PM.  any thoughts on why there were so many in that short span?

Looking at the event log - loads of log ons / log offs?  Does that make sense?

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).