Have you considered simply restricting permissions on relevant files to the
appropriate level? If this is not feasible, minimize level of auditing by
targeting only types of events and users/groups which are relevant to your
investigation...
hth
Marcin
"MLtt" <teknologix007.DeleteThis@gmail.com> wrote in message
news:e2i2zWvoJHA.4028@TK2MSFTNGP03.phx.gbl...
> Hi all. I recently became suspicious that some users on my network are
> making
> misuse of the files on the server. Therefore I enabled audditing for both
> successfull and failed attempts. This made the secutiy log large enough
> and
> created a performance overhead. In fact the backup routine done in the
> night
> did not complete in the required time and I had to terminate it and remove
> auditing to be able to complete.
>
> My question is this...is there a way to enable auditing and at the same
> time do
> not create a performance bottleneck? so that backup could complete? or
> which
> auditing entries are the most essential?
>
> Grazias
>
>
>
Microsoft Windows (other)