Good Morning,
Because of occasional 'mysterious' file disappearances (ie someone accidentally deleted them) I have turned on file deletion auditing on a busy folder one a Win2k3 file/print server.
In an effort to make the job of sorting out events a little easier, I wrote a small vbs that would export 560 and 564 events, using PSLOGLIST, for a specified period, filter out those that didn't have DELETE access, and put the results in a CSV for easy viewing.
The problem is that whenever I run it, IT produces a ton of 560 errors from ME by handle ID 276 for registry key "machine\controlSet001\services\eventlog\security\security"
Obviously it is counter productive to produce 8000 events in the event log, to the point of pushing out events you need, in order to read the event log.
Is there any way to change it so exporting the events using
PSLOGLIST doesnt produce all of these new events?
Thanks!!
k
Because of occasional 'mysterious' file disappearances (ie someone accidentally deleted them) I have turned on file deletion auditing on a busy folder one a Win2k3 file/print server.
In an effort to make the job of sorting out events a little easier, I wrote a small vbs that would export 560 and 564 events, using PSLOGLIST, for a specified period, filter out those that didn't have DELETE access, and put the results in a CSV for easy viewing.
The problem is that whenever I run it, IT produces a ton of 560 errors from ME by handle ID 276 for registry key "machine\controlSet001\services\eventlog\security\security"
Obviously it is counter productive to produce 8000 events in the event log, to the point of pushing out events you need, in order to read the event log.
Is there any way to change it so exporting the events using
PSLOGLIST doesnt produce all of these new events?
Thanks!!
k
