Be careful about pushing event log sizes too high. There is a 1GB shared memory 
heap that is used for both event logs (assuming Win2k3 and x86), and other 
services that want to use it. If you have something that wants to use that same 
shared heap, and you run out of it, you'll miss events. 50MB or 100MB is 
usually fine. Use a tool like logparser, eventcmb or your operations management 
tool (ops Manager or whatever) to groom events from the event logs to a central 
repository

Cheers
Ken


From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 August 2008 11:20 PM
To: NT System Admin Issues
Subject: RE: Folders moveing themselves

Well there is a little more to it.

1)  I would limit the scope of your auditing for right now to the OU that 
contains the server (s) in question. I think it was mentioned before why 
putting your servers in your own OU for management and lockdown is a good idea.

2)  You can enable the auditing and then push down to your servers accordingly, 
you don't need to do it at the domain level if you have the structure in (1) 
above.

3)  After this you must configure success and failure auditing as I described 
before on the folders/files I talked of, and you need to be selective on whom 
you are targeting for the audit so as not to run your audit logs full. ( I 
would recommend in the GPO in (2) above pushing your audit log size to 50MB or 
higher so you capture the events.

4)  Lastly you need to add a test user to the group to be audited in question 
and then try out moving folders and then parsing the logs accordingly, to make 
sure the event fires off when you move/delete a folder.

If you run into issues, contact me off list, I will give you a hand.

Sincerely,
EZ

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
________________________________
From: Gavin Wilby [mailto:[EMAIL PROTECTED]
Sent: Friday, August 01, 2008 4:55 AM
To: NT System Admin Issues
Subject: Re: Folders moveing themselves






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to