Steven L Umbach
Guest
|
 Posted:
Fri Jan 07, 2005 11:43 am Post subject:
Re: Auditing |
|
|
You need to enable auditing of object access first before folder auditing
will work. You need to do that in the appropriate security policy - local,
domain, or OU for the computer. Usually Local Security Policy will work
[secpol.msc] unless this is a domain controller in which case use Domain
Controller security Policy. After doing such you should start seeing Event
ID's 560 and 562 in the security log. Be sure to increase the size of the
security log quite a bit to sat around 10MB. The link below may help. ---
Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;300549
"Peretz Stern" <peretzstern@optonline.net> wrote in message
news:%23mrDwpH9EHA.3840@tk2msftngp13.phx.gbl...
| Quote: | I placed an audit on delete successful/unsuccessful on a folder recently. I
noticed that a few days later it was tampered with. I looked in my event
logs and didn't seem to find anything did I miss it or is it in another
place? any help is appreciated.
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in