peanican (MIS) (OP)
18 Sep 07 12:33
I'm now logging object access for folders on my file server. I've noticed an abundance of false positives showing up as failure audits. Here is an example of what shows up.

CODE

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Object Access
Event ID:    560
Date:        9/17/2007
Time:        3:00:49 PM
User:        [domain]\milp
Computer:    BRAVO
Description:
Object Open:
     Object Server:    Security
     Object Type:    File
     Object Name:    D:\DATA\milp\PROCLAMATIONS\Words Alive Day Nov 10, 2007.doc
     Handle ID:    -
     Operation ID:    {0,45270967}
     Process ID:    4
     Image File Name:    
     Primary User Name:    BRAVO$
     Primary Domain:    [domain]
     Primary Logon ID:    (0x0,0x3E7)
     Client User Name:    milp
     Client Domain:    [domain]
     Client Logon ID:    (0x0,0x2A3DD0B)
     Accesses:    DELETE
            READ_CONTROL
            ACCESS_SYS_SEC
            ReadData (or ListDirectory)
            ReadEA
            ReadAttributes
            
     Privileges:    -
     Restricted Sid Count:    0
     Access Mask:    0x1030089


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
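
As an added example (not part of the original post), this Python sketch parses an Event 560 description, decodes its Access Mask into individual rights, and flags failed opens that requested ACCESS_SYS_SEC. The sample event is constructed around the mask in the post, the function names are hypothetical, and the flag is a triage heuristic stated as an assumption.

```python
import re

# File-object access rights (winnt.h values), labelled as Event 560 prints them.
RIGHTS = {
    0x00000001: "ReadData (or ListDirectory)", 0x00000002: "WriteData (or AddFile)",
    0x00000004: "AppendData (or AddSubdirectory or CreatePipeInstance)",
    0x00000008: "ReadEA", 0x00000010: "WriteEA", 0x00000020: "Execute/Traverse",
    0x00000040: "DeleteChild", 0x00000080: "ReadAttributes",
    0x00000100: "WriteAttributes", 0x00010000: "DELETE", 0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER", 0x00100000: "SYNCHRONIZE",
    0x01000000: "ACCESS_SYS_SEC",
}

# Constructed sample: a trimmed Event 560 description using the mask from the post.
SAMPLE = """\
Event Type:    Failure Audit
     Object Name:    D:\\DATA\\example\\report.doc
     Client User Name:    exampleuser
     Privileges:    -
     Access Mask:    0x1030089
"""

def decode_mask(mask):
    """Split a mask into named rights plus any bits the table does not cover."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    known = sum(bit for bit in RIGHTS if mask & bit)
    return names, mask & ~known

def parse_560(text):
    """Extract the fields used for triage from an Event 560 description."""
    def field(label):
        m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*)$", text, re.M)
        return m.group(1).strip() if m else None
    return {"type": field("Event Type"), "object": field("Object Name"),
            "client": field("Client User Name"), "privileges": field("Privileges"),
            "mask": int(field("Access Mask"), 16)}

def triage(text):
    """Decode the event and flag failed opens that asked for SACL access."""
    ev = parse_560(text)
    names, unknown = decode_mask(ev["mask"])
    # Assumption (triage heuristic, not from the post): ACCESS_SYS_SEC needs
    # SeSecurityPrivilege, so a failed open that requested it with no privilege
    # in use may reflect that request rather than denied access to the data.
    ev["sacl_request_failure"] = (ev["type"] == "Failure Audit"
        and "ACCESS_SYS_SEC" in names and ev["privileges"] in (None, "", "-"))
    ev["accesses"], ev["unknown_bits"] = names, unknown
    return ev
```

Calling `triage(SAMPLE)` returns the parsed fields together with the decoded rights, which for mask 0x1030089 match the Accesses list in the event above.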
