[ljCharlie]

Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?

Oh, I should mention that this is our Windows 2003 DC sever.

Help is appreciated.

 

[Chevy]

Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?

Oh, I should mention that this is our Windows 2003 DC sever.

Help is appreciated.

Event 578 is as Success Audit. You may be auditing an object that is accessed by everyone on your network.

What is the full text of the event?

 

[ljCharlie]

Many thanks for your response. Here's what the actual texts say.

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 578
Date: 10/4/2005
Time: 10:17:21 AM
User: myDomain\johnsonj
Computer: myComputer1
Description:
Privileged object operation:
Object Server: Security
Object Handle: 304
Process ID: 4476
Primary User Name: johnsonj
Primary Domain: myDomain
Primary Logon ID: (0x0,0x6994E)
Client User Name: -
Client Domain: -
Client Logon ID: -
Privileges: SeTakeOwnershipPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

So how do I not audit this particular event?

 

[Chevy]

You need to review the auditing settings on your file system (right click, select Properties, Auditing tab).

You've set either all files or folders, or at least some, to report successful access (opwnership changes, permissions changes, etc.)

 

[ljCharlie]

Where do I "right click, select Properties, Auditing tab"? Are you reffering to the "Default Domain Controllers Security Settings/Local Policies/Audit Policy and/or Default Domain Security Settings/Local Policies/Audit Policy"? If this is what you're talking about then I already tried turn everything in these two location and still receiving this event log.

 

[Chevy]

Right click on each drive (in My Computer view) and select Poprties->Security, then click on the Advanced button and check the Auditing tab.

 

[ljCharlie]

I only have one drive, C drive, and there is nothing listed in the Auditing tab. So where else can I check now to turn off this particular event id?

 

[ljCharlie]

So does anyone have a solution or an idea on how to resovle this issue? My security log fills up so quickly with this event id 578 that it does not have any space to log other events.