Windows Server 2008 R2: Auditing - Success vs. Failure
Posted on 2016-10-19
What is meant by Audit Account Lockout - Success / Failure? If an account is locked out, what constitutes a "success" and what constitutes a "failure"? When does a user successfully lockout his/her account? When does a user fail to lockout his/her account? The info I've seen online simply repeats Microsoft's useless one-sentence explanation.
Similarly, how is Audit File System Success / Failure supposed to work? Do we really want to audit every time an authorized user accesses a file successfully? Alternatively, is this intended to be helpful in tracking when an unauthorized person accessed a file successfully? If so, how would one sort through countless successful accesses by authorized users in order to locate a successful access by an unauthorized user?
I really appreciate any help.