NMTSupport


Windows Server 2008 R2, DFS, Auditing Everything

Good Afternoon,

Background: We are, for reasons beyond my control, giving domain admin access to a user who may cause issues down the road. Not giving access to this user is now off the table and my hands are tied. So, as a result, I need to set up auditing to make sure that when they break something, we are covered and can show where the issue arose from.

Problem: I have successfully enabled AD DS auditing and now I am attempting to set up auditing on the DFS share and the user redirected documents. However, I checked the security log and it looks like every action taken on the DFS share is already being audited. I have looked all the way up the folder path and auditing is not enabled for anyone except this one user. Every time a user accesses their files, it is auditing it. The Security log is set to ~500MB and the log only has about 3 hours in it because it is full of users accessing their docs. Is there a way to stop auditing for everyone accessing their docs or another way to go about this? Thank you!

Environment: All servers running 2008/2008R2, DFS branched out to 5 remote locations, All local machines running Windows 7 and joined to the domain.
gheist

Domain admin can disable all the things you are installing. Just stop wasting your time.
ASKER CERTIFIED SOLUTION
asavener

This solution is only available to members.
NMTSupport

ASKER

I apologize for the excessive delay in this. I had stopped checking after a while of not getting posts and then forgot about it.

First: The reason I am worried about the logging is not so much for malicious intent; my main concern is that this user does not know much about servers and centralized management and security but at the same time thinks that they do (i.e., a user could not get to a shared folder and this user 'fixed' it by granting everyone full control, etc.). Thus far, the user had been granted access, we just have not told them.

Second, I will look into that setup. I am comfortable with Linux but I would not label myself as an expert. My main point was simply to stop logging things I don't want to know about.

Thank you very much!