|
Posted by Eric Fitzgerald [MSFT] on August 22, 2005, 11:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
Desktop.ini is a file Explorer always looks for in every directory, telling
it how to display the folder. If you enable auditing on this file or on
directories such as My Documents that users are likely to browse to with
Explorer, you will get a large number of accesses and therefore audit
records.
As a general rule, you should avoid auditing for ReadData and other read
accesses, and you should avoid auditing for WriteAttributes and
WriteExtendedAttributes, as these are very noisy.
Best regards,
Eric
--
This information is provided "AS-IS" with no warranty, and confers no
rights.
>I have enabled auditing on a directory and all of its subdirectories
> and files, for a location where users My Documents have been
> redirected. I have set auditing for Change Permissions, Take
> Ownership, Write Attributes, and Write Extended Attributes. However,
> my security log on that machine is being filled with "Object Access"
> entries referring to Accesses of ReadAttributes and WriteAttributes.
> For the normal user, this is happening for only their redirected
> folder. For the few in the domain admins group, there is an Accesses
> entry with READ_CONTROL, ReadData (or ListDirectory) and ReadEA in
> addition to the previoius two, for everyone's desktop.ini file in their
> redirected users. This is really filling up the log files, making
> auditing very difficult. Any ideas or help would be greatly
> appreciated.
>
> Rich C.
>
| 
XML site map