aphesys Posted September 7, 2005 Posted September 7, 2005 Hi My server is running on windows 2003 server. As this is a file server, i need to perform auditing on file accesses.After I have enabled the object access item in the local security policy, I discovered that there are a lot of 562 and 567 entries generated in the event log. This cause the event log to grow very fast. As I can only manage the server remotely via VNC, there are many VNC entries generated every few seconds. This causes the event log to become full.These are the common 2 entriesEvent Type: Success AuditEvent Source: SecurityEvent Category: Object Access Event ID: 562Date: 9/6/2005Time: 5:57:30 PMUser: NT AUTHORITY\SYSTEMComputer: ZENITH2K2Description:Handle Closed: Object Server: Security Handle ID: 248 Process ID: 3760 Image File Name: C:\Program Files\RealVNC\VNC4\winvnc4.exeFor more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Event Type: Success AuditEvent Source: SecurityEvent Category: Object Access Event ID: 567Date: 9/6/2005Time: 5:57:30 PMUser: NT AUTHORITY\SYSTEMComputer: ZENITH2K2Description:Object Access Attempt: Object Server: Security Handle ID: 248 Object Type: Desktop Process ID: 3760 Image File Name: C:\Program Files\RealVNC\VNC4\winvnc4.exe Accesses: Read Objects Access Mask: 0x1For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.May I know is there any settings that I can configure in the security policy to prevent such entries?Thank you.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now