On Wed, Jan 7, 2009 at 10:49 AM, Durf <[email protected]> wrote: > Christ you all. It doesn't have to be this hard.
Yes, it does. > For AD, just turn on appropriate auditing and use GFI EventSentry to gather > and report on events. > > That's it, you're done. What about logging all file I/O, as the OP requested? In my experience, logging even Audit Failures for file I/O for a single workstation can generate thousands of Audit Failure records per day. That's because a lot of software tries to do various things that security policy won't allow. Ironically, anti-virus software is one of the biggest offenders on that workstation. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
