neilybealy
IS-IT--Management
hi all
is there an easy way to review the audit logs on windows server 2003?
thanks
neil
is there an easy way to review the audit logs on windows server 2003?
thanks
neil
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Reviewing Audit logs
- Thread starter neilybealy
- Start date
- Status
Teknoratti
Technical User
Is this a trick question? Are you looking for an EASIER way to review audit logs, other than through the event viewer?
- Thread starter
- #3
neilybealy
IS-IT--Management
sorry no it's not a trick question!
yes looking for another way of reviewing other than using event viewer
yes looking for another way of reviewing other than using event viewer
jollyreaper
Technical User
Wonder of wonders, I was logging on to post this exact same question!
I see that we can enable logging but it won't tell us who did the bad deed. It'll tell us that five people modified a file but not that Bob from Accounting deleted the important worksheet from the spreadsheet. It's sort of like the same situation with the bathroom -- you know it's the men's room so it had to be a guy but you don't know which guy used up the last of the TP without replacing it.
Any really good solutions for dealing with this sort of thing?
I see that we can enable logging but it won't tell us who did the bad deed. It'll tell us that five people modified a file but not that Bob from Accounting deleted the important worksheet from the spreadsheet. It's sort of like the same situation with the bathroom -- you know it's the men's room so it had to be a guy but you don't know which guy used up the last of the TP without replacing it.
Any really good solutions for dealing with this sort of thing?
jollyreaper
Technical User
Here's another question. The instructions I've found so far have been a bit cryptic or only refer to a local machine's security policies. What's the smartest way to set the auditing on the domain level?
- Status
Similar threads