Right now I'm trying to enable Success Audit Object Access in Local GP on one of our local share servers. The goal of that is to see what our users are doing on our shares to see if they're moving large files or even deleting necessary files. The problem that I'm having right now is as soon as I turn it on I get dozens of 5145's from the server itself saying it's granting access. Would it be possible to enable the audit process on everyone except this 'webservices'. If I leave on Audit Object Access for a few minutes I can easily get 1000s of entries. Suggestions?
A network share object was checked to see whether client can be granted desired access.Subject:
Security ID: NETEQ\webservices
Account Name: webservices
Account Domain:FLOGISTIX
Logon ID: 0x17e5a81b
Network Information:
Object Type: File
Source Address:10.50.3.12
Source Port: 58416
Share Information:
Share Name: \\*\Backups$
Share Path: \??\E:\Backups
Relative Target Name:Profiles_From_PANS01\....V2\...\...\...\gdi\32\....dl_
Access Request Information:
Access Mask: 0xe0080
Accesses: READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadAttributes
Access Check Results:
READ_CONTROL: Granted byD:(A;;FA;;;WD)
WRITE_DAC: Granted byD:(A;;FA;;;WD)
WRITE_OWNER: Granted byD:(A;;FA;;;WD)
ReadAttributes:Granted byD:(A;;FA;;;WD)