I'm currently defining a security template for the W2K workstations, and have setup ACLs on the NTFS directories. I wanted to turn on failure audit on NTFS to determine if any file access is incorrectly defined.
When audit is activated on the file system, many error records are generated from the basic applications such as Explorer.exe needing WRITE Attribute by the user. I don't want to give user right attributes to a lot of EXE or DLL files but I do want the auditing legitimate file access failures.
Do you know if there is a work around for this?
I'm not aware of a way to filter out unwanted audit failures. From the viewpoint of the file system, the attempts to access secure files by an average user is a legitimate error and will be logged. They are also normal occurrences.
You could turn off auditing on the WinNT directory but leave it turned on for the rest of the partition. The new NTFS permissions put in place by W2k do a pretty good job of locking down the system files.
Dig Deeper on Windows Server storage management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.