audit object access

[CEDRIC]

I trie to audit access for security change on directories
I'm explain when on a W2K server i check the box Success
for audit object access on Local security policies lot of
error 560 and 562 appear for the user NT AUTHORITY\SYSTEM
but i want only trace in eventlog successful access of
users.

PS: Sorry for my english

 

[Steven L Umbach]

Enabling auditing of object access will generate a lot of "system" events that are
related to the actual event you wish to capture. I suggest that you audit a absolute
minimum of number of permission accesses to get the job done and a minimum number of
users. Avoid using everybody group as group to audit. You can use filtering in Event
Viewer to help pinpoint certain events. --- Steve