登入
 
首頁文件庫學習園地下載支援社群論壇
IT 專業人員的技術資源 >
How to exclude specfic folders from being audited

已答覆 How to exclude specfic folders from being audited

  • 2012年5月3日 下午 08:00
     
     
    登入以投票
    0

    Hi

    I am using Windows 2008 R2 RDS environment. I have implemented folder redirection and roaming profiles and using central storage for user's data. To monitor file server (Windows 2008 R2) i have implemented audit policy "file server audit policy" on file server to monitor who has deleted what. Policy is working perfect but problem is that when user open IE and close application event log is generated (Event ID 4663) that show "\Device\HarddiskVolume\foldername\username\Appdata\Roaming\Microsoft\windows\cookies\filename.txt"  An attempt was made to access an object. and after that event 4660 is generated and mention that said file is deleted. Same case is observed with /Firefox

    Due to this for 100 users event logs are generating very rapidly. Is it possible that I exclude some specfic folders from this Advance audit policy (This is local policy) or is there any good practice to monitor file deletion excluding cache files.

    Regards

     

所有回覆

  • 2012年5月4日 上午 07:25
    版主
     
     已答覆
    登入以投票
    0

    Hi,

    Unfortunately, we can’t set exclusion folder for audit settings in current system, no such options.

    I think you may redirect AppData folder to other location where not set audit policy or exclude AppData folder in roaming profiles.

    Exclude Folders from Roaming Profiles

    1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. In the console tree, right-click your domain, and then click Properties.
    3. Click the Group Policy tab, click the GPO that you want to work with, and then click Edit.
    4. Under User Configuration, expand Administrative Templates, expand System, and then click User Profiles.
    5. In the Setting list, double-click Exclude directories in roaming profile, and then click Enabled.
    6. In the Prevent the following directories from roaming with the profile box, type the appropriate folder names, separated by semicolons (;).

      Note By default, profiles are stored in the "Documents and Settings\user name" folder on the local computer, where user name is the name of the user to whom the profile belongs. This is considered as the "root" folder of the profile, and is not included when you specify folders to exclude. For example, to prevent the desktop from roaming with the profile, type desktop in the Prevent the following directories from roaming with the profile box. Make sure that a semicolon separates each entry in the list.
    7. When you are finished not including folders from roaming profiles, click OK.
    8. Quit the Group Policy snap-in, click Close, and then quit the Active Directory Users and Computers snap-in.

    For more information please refer to following MS articles:

    Managing Roaming User Data Deployment Guide
    http://technet.microsoft.com/en-us/library/cc766489(v=WS.10).aspx
    Best Practice: Roaming Profiles and Folder Redirection
    http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
    How to prevent folders from roaming with a profile in Windows Server 2003
    http://support.microsoft.com/kb/814592

    Lawrence

    TechNet Community Support