We are really interested to control the access to files and folders of our Domain Controlers (which are file servers too).
We've checked all the auditing entries for authenticated users for all de data folders.
The thing is when we make some actions (Read, write, create, delete, ...) to any file in data folders strange behavior occurs: There are some events that doesn't appear in Event Viewer. Especially when we Delete a folder or a file it's difficult to find a 564 event.
Do you know if it's possible that in certain circumstances all the events that should be registered doesn't do?
Why when we write to a critical file we sometimes get a 560 event and sometimes not?
We don't think to be a problem of performance because de CPU average is 30-40%.
We are really interested to control the access to files and folders of our Domain Controlers (which are file servers too).
We've checked all the auditing entries for authenticated users for all de data folders.
The thing is when we make some actions (Read, write, create, delete, ...) to any file in data folders strange behavior occurs: There are some events that doesn't appear in Event Viewer. Especially when we Delete a folder or a file it's difficult to find a 564 event.
Do you know if it's possible that in certain circumstances all the events that should be registered doesn't do?
Why when we write to a critical file we sometimes get a 560 event and sometimes not?
We don't think to be a problem of performance because de CPU average is 30-40%.
Any other reason?
Thanks.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]