So we have a brand new 2008 R2 server. This will be a file server. Our current 2003 SP2 file server has file auditing on, but was disabled due to NewForma Project Center. This is a unique software for architectural firms that integrates with yet another special piece of software for architectural firms . . . Deltek Vision which is our billing system. To summarize NewForma, it constantly accesses the files and indexes them. All the frikin time. That's why I had to disable file auditing. There would be 10 bazillion entries from NewForma and then one user entry in the security log . . . and with the limits on 2003 event log size, we got about 8-12 hours of auditing. Now with 2008 R2 I can audit only certain users/groups. So I can exclude (I think) this domain service account from auditing (sweet!). I plan on once again, auditing file access by the users. I plan on seeing how much logging is generated and then adjusting the max log size accordingly.
With the improvements in the event logging system(s) in 2008 R2 in mind, any thoughts or reco's on this? Thanks, Devin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
