Well there is a little more to it.
1) I would limit the scope of your auditing for right now to the OU that contains the server (s) in question. I think it was mentioned before why putting your servers in your own OU for management and lockdown is a good idea. 2) You can enable the auditing and then push down to your servers accordingly, you don't need to do it at the domain level if you have the structure in (1) above. 3) After this you must configure success and failure auditing as I described before on the folders/files I talked of, and you need to be selective on whom you are targeting for the audit so as not to run your audit logs full. ( I would recommend in the GPO in (2) above pushing your audit log size to 50MB or higher so you capture the events. 4) Lastly you need to add a test user to the group to be audited in question and then try out moving folders and then parsing the logs accordingly, to make sure the event fires off when you move/delete a folder. If you run into issues, contact me off list, I will give you a hand. Sincerely, EZ Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Gavin Wilby [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2008 4:55 AM To: NT System Admin Issues Subject: Re: Folders moveing themselves ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
