Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

File/Folder Auditing in Windows Server 2003; Event 560/562 spam

Posted on 2014-01-23
2
Medium Priority
?
549 Views
Last Modified: 2014-02-14
I'm attempting to test auditing out (for files/folders), and I'm bumping into an issue:
I have adjusted the audit object access to Success/Failure under Group Policy, and I've added the OU I want under the folder auditing settings (under security > advanced > auditing). Well, it creates the events just fine; however, any time I refresh the event log or move around in the folder/files specified (under user in OU on client computer), the security log is SPAMMED with 560/562 entries. I'm trying to keep it limited to just what I need (i.e., I don't need 560/562 entries when I refresh the log and if a success or failure occurs 1-2 entries would be ideal).
Please advise.
(Side note: I've disabled "Audit: Audit the access of global system objects" under Local Policies > Security Options.)
0
Comment
Question by:Amoayed
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 900 total points
ID: 39806494
There is another method using ADSIedit to modify the SACL's to stop these events. Have you tried this yet? There is also a COM+ hotfix rollup to correct this behaviour as well.

Take a look at the links below which should help with resolving the issue.

COM+ hotfix

ADSIEdit removal of SACL's

Willl.
0
 

Author Closing Comment

by:Amoayed
ID: 39859812
ADSIEdit.msc runs nothing, but I'll be applying the COM+ fix this weekend.

Thanks. (Still don't know if this is the fix.)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question