Thanks for this info, James...
*ASB*
(Professional Bio <http://about.me/Andrew.S.Baker/bio>)
*Harnessing the Advantages of Technology for the SMB market...*

On Wed, Jun 8, 2011 at 5:37 AM, James Rankin <[email protected]> wrote:

> Here's the article to get it all done properly, rather than just blatting
> out all the IPsec and firewall-related stuff *en masse*
>
> http://support.microsoft.com/kb/921469
>
> Although 2008 R2 isn't listed, these all appear to work OK on it
>
>
> On 8 June 2011 09:51, James Rankin <[email protected]> wrote:
>
>> There must be something about posting to this list that gets my brain, or
>> my Google-powers, into gear. Maybe it's just reading through my own problem
>> again in a linear fashion. Anyway, I found me an answer....
>>
>> *auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy
>> Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick
>> Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering
>> Platform Packet Drop","Filtering Platform Connection" /success:disable
>> /failure:disable*
>>
>> On 8 June 2011 09:44, James Rankin <[email protected]> wrote:
>>
>>> Anyone have any idea why, when I turn on "audit object access" on my
>>> Windows 2008 R2 servers, my security logs get swamped with event id 5156
>>> "the Windows Filtering Platform has permitted a connection"? I found a
>>> reference to turning off audit subcategories by using this command
>>> -*auditpol /set /subcategory:"Filtering Platform Connection" /success:
>>> disable
>>> /failure: disable* - but that only works for plain 2008, not 2008 R2.
>>> Anyone know how to get around this, or what command I could use to disable
>>> it?
>>>
>>>
>>> TIA,
>>>
>>>
>>> JRR
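Added example, not part of the thread: a PowerShell snapshot of the nine subcategories named in the `auditpol /set` command above, taken before and after the change, with a full policy backup first so the original settings can be restored. The function name, the backup location and the English (non-localized) subcategory names are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Subcategory names are the ones listed in the thread; English names assumed.
$Subcategories = @(
    'MPSSVC Rule-Level Policy Change',
    'Filtering Platform Policy Change',
    'IPsec Main Mode',
    'IPsec Quick Mode',
    'IPsec Extended Mode',
    'IPsec Driver',
    'Other System Events',
    'Filtering Platform Packet Drop',
    'Filtering Platform Connection'
)

function Get-AuditSubcategorySetting {   # hypothetical helper name
    param([string[]]$Name)
    # "/r" makes auditpol emit CSV; drop blank lines before parsing it.
    $csv = auditpol.exe /get /category:* /r | Where-Object { $_ -and $_.Trim() }
    $csv | ConvertFrom-Csv |
        Where-Object { $Name -contains $_.Subcategory } |   # case-insensitive match
        Select-Object Subcategory, @{ n = 'Setting'; e = { $_.'Inclusion Setting' } }
}

# 1. Back up the complete audit policy before touching anything.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "auditpol-$stamp.csv"   # assumed location
auditpol.exe /backup "/file:$backup"
if ($LASTEXITCODE -ne 0) { throw "auditpol /backup failed (exit $LASTEXITCODE)" }

# 2. Record the current setting of each subcategory the thread's command changes.
$before = Get-AuditSubcategorySetting -Name $Subcategories
$before | Format-Table -AutoSize

# 3. After running the auditpol /set command from the thread, take a second
#    snapshot and list only the subcategories whose setting changed.
Read-Host 'Apply the auditpol /set change, then press Enter'
$after = Get-AuditSubcategorySetting -Name $Subcategories
Compare-Object $before $after -Property Subcategory, Setting |
    Sort-Object Subcategory, SideIndicator |
    Format-Table Subcategory, Setting, SideIndicator -AutoSize

# 4. Warn about anything left with no auditing at all, success or failure.
$after | Where-Object { $_.Setting -eq 'No Auditing' } |
    ForEach-Object { Write-Warning "$($_.Subcategory): no events will be logged" }
```

To roll back, `auditpol.exe /restore /file:<backup file>` reloads the saved policy.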
