Audit Object Access

brandonpf
brandonpf used Ask the Experts™
on
We just turned on object access auditing for our network drive.  We want to be able to tell if a staff member deletes, moves, etc a folder and see the aftermath of that action so we can correct it.  When our IT group turned auditing on for that folder and all subfolders it is recording an audit trail but the trail is so DETAILED, it seems that every user action produces hundreds of audit entries.  Is there a way to scale back the audit scope so that we can follow the audit trail easier?  Perhaps focus a little more broadly than as narrowly as its currently set?

Thank you.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Perhaps give this a try:

Configure Auditing for Specific Active Directory Objects
After you configure an audit policy setting, you can configure auditing for specific objects, such as users, computers, organizational units, or groups, by specifying both the types of access and the users whose access that you want to audit. To configure auditing for specific Active Directory objects:
Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Make sure that Advanced Features is selected on the View menu by making sure that the command has a check mark next to it.
Right-click the Active Directory object that you want to audit, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Add.
Complete one of the following:
Type the name of either the user or the group whose access you want to audit in the Enter the object name to select box, and then click OK.
In the list of names, double-click either the user or the group whose access you want to audit.
Click to select either the Successful check box or the Failed check box for the actions that you want to audit, and then click OK.
Click OK, and then click OK.

Author

Commented:
I've requested that this question be deleted for the following reason:

Not needed anymore.

Commented:
Hi,

In term of fairness, even if the author no long need the answer to the question, points should be awarded for the effort provided.  Thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial