G
Guest
All,
I am working at a government site. The security here is really high. I have
to enable auditing for the entire %SystemDrive% on each workstation. That's
the easy part.
I have the auditing configured using a GPO Computer Configurations | Windows
Settings | Security Settings | File System. I have setup a standard set of
NTFS permissions, and I have applied auditing to the entire drive using this
GPO. Now, when I view my security log file I have WAY TOO MANY 'SYSTESM'
audits for object access. Now, object access is what Im trying to audit for
all users, but not for the system. Im mean, who really cares what the system
is doing...
So my question is , how to I audit object access for all users and omit the
system activites from being audited. ???
I have auditing setup to audit anyone in the authenticated users group. If I
change this to say, domain users, will the system object access events leave
my secuirty log?????
Any ideas??? (BTW, Auditing SUCKS!)
Drum on .. .. . . .
I am working at a government site. The security here is really high. I have
to enable auditing for the entire %SystemDrive% on each workstation. That's
the easy part.
I have the auditing configured using a GPO Computer Configurations | Windows
Settings | Security Settings | File System. I have setup a standard set of
NTFS permissions, and I have applied auditing to the entire drive using this
GPO. Now, when I view my security log file I have WAY TOO MANY 'SYSTESM'
audits for object access. Now, object access is what Im trying to audit for
all users, but not for the system. Im mean, who really cares what the system
is doing...
So my question is , how to I audit object access for all users and omit the
system activites from being audited. ???
I have auditing setup to audit anyone in the authenticated users group. If I
change this to say, domain users, will the system object access events leave
my secuirty log?????
Any ideas??? (BTW, Auditing SUCKS!)
Drum on .. .. . . .