Event logs fill extremely quick

 
 
MSExchange2003Student
      05-29-2007, 05:31 AM
Hi all

My Security log fills extremely quickly. Every morning I get the message that
the security log is full on my DC, and I have made the space allocation for
that log 273MB. How can I check which audit policies are enabled, to disable
some of them so that it doesn't fill that quickly? Thanks for the
help.


 
Gabriel Citron
      05-29-2007, 06:27 AM
gpresult /z /scope computer

In the result of the command you can find what audit policies are enabled
and the GPO. Also you can use RSOP.

--
Gabi Citron

CEH, MCSE:Security, CCNA

MSExchange2003Student
      05-29-2007, 06:49 AM
Gabriel, I did put this (gpresult /z /scope computer) in a DOS screen and got
a whole lot of stuff which I don't know how to read. However, there is a
section called "Event Log Settings" and below that is "N/A" - does this mean
anything to you?

Or is it the following: there is a heading GPO: Default Domain Policy and
below that is a heading called Policy that has options like "Restore
Privilege", "Service Logon Right", etc... Are these the policies that are
enabled, and if so, how do I get to them to disable some of them?

Thanks for your help

Gabriel Citron
      05-29-2007, 07:17 AM
In this context N/A means not configured/default settings.
You can find the information you need in the section "Resultant Set Of Policies
for Computer" in the group "Audit Policy".
Tip: The output of the command might exceed the buffer and some information
can be lost. It is better to run it with >output.txt and then open this file
with Notepad.

--
Gabi Citron

CEH, MCSE:Security, CCNA

MSExchange2003Student
      05-29-2007, 08:34 AM
Hi, do I just run the same command with output.txt at the back of the line?
Or how do I get it to output to a text file?

Gabriel Citron
      05-29-2007, 09:17 AM
Yes, you can redirect the output of any command into a file like this:

gpresult /z /scope computer > output.txt (overwrites the file with the output)
gpresult /z /scope computer >> output.txt (appends the output to the end of
the file, if it exists)

--
Gabi Citron

CEH, MCSE:Security, CCNA

MSExchange2003Student
      05-29-2007, 09:44 AM
Thanks

MSExchange2003Student
      05-29-2007, 09:54 AM
Gabriel, here is the output of that section - where do I edit the policy to
delete some of the audit options that are active?

Audit Policy
------------
GPO: Default Domain Controllers Policy
Policy: AuditPolicyChange
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditPrivilegeUse
Computer Setting: No Auditing

GPO: Default policy
Policy: AuditLogonEvents
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditDSAccess
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditObjectAccess
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditAccountManage
Computer Setting: Success

GPO: Default policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditLogonEvents
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditProcessTracking
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditSystemEvents
Computer Setting: Success

Do I need to edit the default domain policy?

MSExchange2003Student
      05-29-2007, 10:00 AM
Gabriel, if I edit the GPO of the DC and browse to Computer Config > Windows
Settings > Security Settings > Local Policies > Audit Policies and look in
the right pane, then the only options that are on "Success" are Audit account
logon events and Audit logon events. Does this mean it is only those 2 policies
that are enabled?

Gabriel Citron
      05-29-2007, 10:51 AM
Read carefully, you have two GPOs: Default Domain Controllers Policy and
Default policy (default ones). "Default Domain Controllers Policy" is applied
on the Domain Controllers container.

--
Gabi Citron

CEH, MCSE:Security, CCNA
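
The check discussed in this thread, as an added example that is not part of any post: a Python sketch that parses the "Audit Policy" section of a saved gpresult /z /scope computer output and reports which categories are audited and which are set in more than one GPO. The sample text is an excerpt of the output posted above; the function names are hypothetical, and treating every setting other than "No Auditing" as audited is an assumption.

```python
import re
from collections import defaultdict

# Excerpt of the "Audit Policy" section posted in this thread (gpresult /z).
SAMPLE = """\
Audit Policy
------------
GPO: Default Domain Controllers Policy
Policy: AuditPolicyChange
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditPrivilegeUse
Computer Setting: No Auditing

GPO: Default policy
Policy: AuditLogonEvents
Computer Setting: Success

GPO: Default policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditLogonEvents
Computer Setting: Success
"""

FIELD = re.compile(r"^\s*(GPO|Policy|Computer Setting):\s*(.*?)\s*$")

def _is_rule(line):
    """True for the dashed underline printed below a section heading."""
    return set(line.strip()) == {"-"}

def parse_audit_policy(text):
    """Return [(gpo, policy, setting), ...] from the 'Audit Policy' section."""
    lines = text.splitlines()
    start = None
    for i in range(len(lines) - 1):
        if lines[i].strip() == "Audit Policy" and _is_rule(lines[i + 1]):
            start = i + 2
            break
    if start is None:
        return []
    entries, current = [], {}
    for i in range(start, len(lines)):
        # Another underlined heading means the section is over.
        if lines[i].strip() and i + 1 < len(lines) and _is_rule(lines[i + 1]):
            break
        m = FIELD.match(lines[i])
        if not m:
            continue
        current[m.group(1)] = m.group(2)
        if m.group(1) == "Computer Setting":  # last field of each entry
            entries.append((current.get("GPO", "?"), current.get("Policy", "?"), m.group(2)))
            current = {}
    return entries

def audited(entries):
    """Policies with any setting other than 'No Auditing' (assumption)."""
    return sorted({policy for _, policy, setting in entries if setting != "No Auditing"})

def set_by_several_gpos(entries):
    """Policies configured in more than one GPO; each of those GPOs needs review."""
    gpos = defaultdict(set)
    for gpo, policy, _ in entries:
        gpos[policy].add(gpo)
    return {p: sorted(g) for p, g in gpos.items() if len(g) > 1}

if __name__ == "__main__":
    found = parse_audit_policy(SAMPLE)
    print("Audited:", ", ".join(audited(found)))
    for policy, names in set_by_several_gpos(found).items():
        print(f"{policy} is set in: {', '.join(names)}")
```

The script does not decide which GPO takes precedence; it only shows where each category is defined so that every listed GPO can be reviewed before auditing is reduced.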
