Windows 2003 Audit polidy success/failure audits - so many logs! need to cut down.

I have enabled audit logs on a folder, and tested it out.

I added "domain users" as the group to audit thinking that this would include everyone in the domain.

Well when I open the folder being audited it creates 8 logs in the security folder. This just seems like a ton of logs for me for a simple action such as "open" a folder. What do you guys think? Is there a better way to do this, or is this a normal thing?

Thank you.
jaesoulAsked:
Who is Participating?
 
karstiemanCommented:
User the FILTER option in the Eventviewer option to find what you were looking for.
Otherwise, specify the audit more specifically and for instace audit only FAILED object access to this folder.
0
 
NikSystems SpecialistCommented:
I had the same need in the past and couldn't google for anything than for some third party tools like:
http://www.quest.com/spotlight-on-active-directory-pack/
http://www.manageengine.com/products/ad-manager/windows-active-directory-reports.html


0
 
jaesoulAuthor Commented:
Hey Guys,

I am going to give these options a shot and get right back.Thank you.
0
 
astralcomputingCommented:
Ok here is a really easy solution I like to use. In the logon script add the following line

echo %date%, %time%, %computername%, %username%, Sign on >> \\server\networkshare\login.log

This keeps a running tally of all logins, in a CSV format which can be imported into excel and sort, searched, etc...

You have the date, time, computer and username.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.