Hi Everyone,
I am looking at a lot of entries similar to the following in my
Windows 'Audit' Event viewer. They are all success events and not
failures.
The environment is:
DB2 8.2 FP 14
Windows 2003 x64
The authentication happens against Windows Active Directory Service.
The box also serves as a domain controller.
Apparently, the system is able to keep only about past 1 hours or 30
minutes worth entries only (I am assuming system is purging the older
ones to make room for the newer ones).
How can I avoid this much logging of these events, provided I don't
want to disable the native windows event viewer service/functionality.
Any help or clue would be appreciated.
Thanks & Regards,
dotyet
##################################
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/28/2007
Time: 12:37:45 PM
User: MYAPP\billy
Computer: billy1
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: S-1-5-21-40672581851-813886206-1606121121-1472
Handle ID: 101287620
Operation ID: {3,1587664882}
Process ID: 420
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: MYAPP$
Primary Domain: DOM1
Primary Logon ID: (0x0,0x3E7)
Client User Name: billy
Client Domain: DOM1
Client Logon ID: (0x3,0x5E2ERAQA)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
Privileges: -
Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed81940-ad10-13d0-8a42-00aa036e0129}
Access Mask: 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
############################