JSI Tip 7284. How do I set up and manage operation-based auditing in Windows Server 2003 Enterprise Edition?

Microsoft Knowledge Base Article 325898 contains the following summary:

This article describes how to set up and manage operation-based auditing in Windows Server 2003 Enterprise Edition. When you use operation-based auditing, you can audit operations on files and folders. This means that you can audit certain operations (for example, Write operations) and audit access to objects. Operation-based auditing is set up when you turn on object access auditing on a file or folder. Object access events and operations such as Write operations are recorded in the security log.

Operation-based audits are categorized as object audits, and they are logged as an event ID 567 in the security log. These audits are generated the first time an operation is performed. You can set up only files and folders to generate operation audits.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish