That is a tough question to answer. It depends on how many objects you are
auditing and how frequently that data is viewed/modified and changed. Also
there is a fine line between auditing and useful auditing.
From "Chapter 9 - Auditing and Intrusion Detection"
"As with all auditing, it is very important to take a targeted approach to
auditing object access. In your auditing plan, decide on the type of
objects that you must audit and then determine what type of access attempts
(success, failure, or both) you wish to monitor for each type of audited
object. An overly broad approach to auditing will have a significant impact
on your system’s performance and will result in the collection of much more
data than is necessary or useful."
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
prodtech/win2000/secwin2k/09detect.asp
IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
