We are really interested to control the access to files and folders of our Domain Controlers (which are file servers too).
We've checked all the auditing entries for authenticated users for all de data folders.
The thing is when we make some actions (Read, write, create, delete, ...) to any file in data folders strange behavior occurs: There are some events that doesn't appear in SELM neither in Event Viewer. Especially when we Delete a folder or a file it's difficult to find a 564 event.
We don't thing it's a problem of SELM, but do you know if it's possible that in certain circumstances all the events that should be registered doesn't do?
Why when we write to a critical file we sometimes get a 560 event and sometimes not?
Thanks.
We've checked all the auditing entries for authenticated users for all de data folders.
The thing is when we make some actions (Read, write, create, delete, ...) to any file in data folders strange behavior occurs: There are some events that doesn't appear in SELM neither in Event Viewer. Especially when we Delete a folder or a file it's difficult to find a 564 event.
We don't thing it's a problem of SELM, but do you know if it's possible that in certain circumstances all the events that should be registered doesn't do?
Why when we write to a critical file we sometimes get a 560 event and sometimes not?
Thanks.
