|
Posted by =?Utf-8?B?VG9ueSBvZiBNQkQ=?= on August 7, 2008, 5:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
Just for the record this was reported to MS Platform support. They managed
to emulated the problem and have reported that it is a bug, but will not be
releasing a fix. Instead you need to upgrade to Windows 2008.
Regards
Tony of MBD
"Tony of MBD" wrote:
> Hi,
>
> My understanding of the history of security event ID 567 (Object Access
> Attempt) is that it was introduced into Windows 2003 and XP, but a bug caused
> it to not log for remote file changes via a share, it only logs when a file
> change occurred from local. This was then fixed in SP1 and I can confirm this
> as I have tested a Windows 2003 R2 Ent SP1 32bit server and it seems to work
> ok. File changes, via remote and local, cause Event 560, 567 and 562 as
> expected. However, on a Windows 2003 R2 Ent SP2 32bit server, remote file
> changes only cause event 560 and 562. No event 567 is generated! A event 567
> is only generated when local file changes occur!
>
> Both the Windows 2003 SP1 and SP2 have the same policy config, set via GPO,
> and auditing flags set on all files and directories.
>
> Is this a bug that was broken, pre SP1, fixed SP1 and then broke again SP2?
> Or do I need to do something different?
>
>
>
> Thanks for any input
>
> Regards
>
> Tony of MBD
>
| 
XML site map