• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496
  • Last Modified:

Windows 2003 Audit polidy success/failure audits - so many logs! need to cut down.

I have enabled audit logs on a folder, and tested it out.

I added "domain users" as the group to audit thinking that this would include everyone in the domain.

Well when I open the folder being audited it creates 8 logs in the security folder. This just seems like a ton of logs for me for a simple action such as "open" a folder. What do you guys think? Is there a better way to do this, or is this a normal thing?

Thank you.
0
jaesoul
Asked:
jaesoul
1 Solution
 
NikSystems SpecialistCommented:
I had the same need in the past and couldn't google for anything than for some third party tools like:
http://www.quest.com/spotlight-on-active-directory-pack/
http://www.manageengine.com/products/ad-manager/windows-active-directory-reports.html


0
 
karstiemanCommented:
User the FILTER option in the Eventviewer option to find what you were looking for.
Otherwise, specify the audit more specifically and for instace audit only FAILED object access to this folder.
0
 
jaesoulAuthor Commented:
Hey Guys,

I am going to give these options a shot and get right back.Thank you.
0
 
astralcomputingCommented:
Ok here is a really easy solution I like to use. In the logon script add the following line

echo %date%, %time%, %computername%, %username%, Sign on >> \\server\networkshare\login.log

This keeps a running tally of all logins, in a CSV format which can be imported into excel and sort, searched, etc...

You have the date, time, computer and username.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now