Andrey San, 2014-09-04 11:25:26

Configuring Windows auditing to control the audit of access to objects: how to make sure that there is nothing superfluous in the security events?

Good afternoon,
1. I enabled object access auditing on the server.
2. On the Audit tab in the properties I specified everyone, with the options to delete, change and create files in this folder.
3. I look at the logs, everything is recorded there and everything seems to be fine, but how do I make it so that the event with ID 4656 is not recorded? Otherwise, at this rate the logs will overflow within a day.

Slipeer, 2014-09-04
@admusers

As far as I can see from the screenshots:
1) You have 2008 or later
2) You have enabled the "object access" audit category
Since 2008, audit subcategories have been introduced (you have them in the "Advanced Audit Policy Configuration").
You can read about it here.
Set up only the subcategory you need.
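
The subcategory approach from the answer above, as an added example that is not part of the original thread: it turns the whole "Object Access" category off, enables a single subcategory, and counts the resulting Security events per ID so the effect on event 4656 volume can be checked. The choice of "File System" with success-only auditing and the one-hour window are assumptions; subcategory names are those of English-language Windows.

```powershell
# Added example. Run in an elevated PowerShell session on the audited server.
# Assumptions: English subcategory names; only successful file-system
# access needs to be audited; a one-hour window is enough to compare volume.

# 1. Show the current state of every subcategory under "Object Access".
auditpol /get /category:"Object Access"

# 2. Check whether subcategory settings override the legacy category policy.
#    1 = subcategories win; empty or 0 = a category-level GPO can re-enable everything.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$override = (Get-ItemProperty -Path $lsa -Name SCENoApplyLegacyAuditPolicy `
             -ErrorAction SilentlyContinue).SCENoApplyLegacyAuditPolicy
"SCENoApplyLegacyAuditPolicy = $override"

# 3. Switch the whole category off, then enable only the subcategory needed.
auditpol /set /category:"Object Access" /success:disable /failure:disable
auditpol /set /subcategory:"File System" /success:enable /failure:disable

# 4. Confirm the result: File System on, Handle Manipulation still off.
auditpol /get /subcategory:"File System"
auditpol /get /subcategory:"Handle Manipulation"

# 5. Count object-access events per ID for the last hour. Run this before
#    and after the change to see which IDs actually fill the log.
$since = (Get-Date).AddHours(-1)
$filter = @{ LogName = 'Security'; Id = 4656, 4658, 4660, 4663; StartTime = $since }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count
```

If the audit policy is delivered by Group Policy, make the same change under "Advanced Audit Policy Configuration" in the GPO, since local `auditpol /set` changes are overwritten at the next policy refresh.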

Andrey San, 2014-09-04
@admusers

Thanks, that's what you need.
But there was still a question: how to distinguish two broad gulls? On what parameters?
1. This is the created log file.
2. The same document is modified.