H
hussam hamdan
Dear All,
I have this issue, I hope I find answers here.
I setup a file server and I'd like to audit the delete and write processes on specific folders. I did my homework and enabled both "Audit Object Access" policy from (Local machine Group Policy -> Computer Configuration -> Local Policies -> Audit Policy) and enabled "Audit Handle Manipulation" from (Local machine Group Policy -> Computer Configuration -> Advanced Audit Policy Configuration -> System Audit Policy -> Objectِ ِAccess), and setup necessary audit permissions on the desired folders to be audited.
Everything worked fine and the logs created at Event Manager. After specific period of time, or server restarts, the audit stops, and all configuration at (Local machine Group Policy -> Computer Configuration -> Local Policies -> Audit Policy) being restored to default (No Auditing).
Have anybody come cross to this issue previously?
Continue reading...
I have this issue, I hope I find answers here.
I setup a file server and I'd like to audit the delete and write processes on specific folders. I did my homework and enabled both "Audit Object Access" policy from (Local machine Group Policy -> Computer Configuration -> Local Policies -> Audit Policy) and enabled "Audit Handle Manipulation" from (Local machine Group Policy -> Computer Configuration -> Advanced Audit Policy Configuration -> System Audit Policy -> Objectِ ِAccess), and setup necessary audit permissions on the desired folders to be audited.
Everything worked fine and the logs created at Event Manager. After specific period of time, or server restarts, the audit stops, and all configuration at (Local machine Group Policy -> Computer Configuration -> Local Policies -> Audit Policy) being restored to default (No Auditing).
Have anybody come cross to this issue previously?
Continue reading...