Tech Support banner

Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
65 Posts
Discussion Starter #1 (Edited)
Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?

Oh, I should mention that this is our Windows 2003 DC sever.

Help is appreciated.
 

·
Registered
Joined
·
4,890 Posts
ljCharlie said:
Will anyone help me diagnoze why I kept getting event id 578 on my security event log? This event log fills my event log in about 10 minutes of 500MB space. Is there to block this particular event log?

Oh, I should mention that this is our Windows 2003 DC sever.

Help is appreciated.
Event 578 is as Success Audit. You may be auditing an object that is accessed by everyone on your network.

What is the full text of the event?
 

·
Registered
Joined
·
65 Posts
Discussion Starter #3
Many thanks for your response. Here's what the actual texts say.

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 578
Date: 10/4/2005
Time: 10:17:21 AM
User: myDomain\johnsonj
Computer: myComputer1
Description:
Privileged object operation:
Object Server: Security
Object Handle: 304
Process ID: 4476
Primary User Name: johnsonj
Primary Domain: myDomain
Primary Logon ID: (0x0,0x6994E)
Client User Name: -
Client Domain: -
Client Logon ID: -
Privileges: SeTakeOwnershipPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
So how do I not audit this particular event?
 

·
Registered
Joined
·
4,890 Posts
You need to review the auditing settings on your file system (right click, select Properties, Auditing tab).

You've set either all files or folders, or at least some, to report successful access (opwnership changes, permissions changes, etc.)
 

·
Registered
Joined
·
65 Posts
Discussion Starter #5
Where do I "right click, select Properties, Auditing tab"? Are you reffering to the "Default Domain Controllers Security Settings/Local Policies/Audit Policy and/or Default Domain Security Settings/Local Policies/Audit Policy"? If this is what you're talking about then I already tried turn everything in these two location and still receiving this event log.
 

·
Registered
Joined
·
4,890 Posts
Right click on each drive (in My Computer view) and select Poprties->Security, then click on the Advanced button and check the Auditing tab.
 

·
Registered
Joined
·
65 Posts
Discussion Starter #7
I only have one drive, C drive, and there is nothing listed in the Auditing tab. So where else can I check now to turn off this particular event id?
 

·
Registered
Joined
·
65 Posts
Discussion Starter #8
So does anyone have a solution or an idea on how to resovle this issue? My security log fills up so quickly with this event id 578 that it does not have any space to log other events.
 
1 - 8 of 8 Posts
Status
Not open for further replies.
Top