How to audit failure event in security log

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

My W2K DC have take all the component successl & failure in the audit setting,
and once of W2K share folder (e.g. Test) have grant all the success & failure in the folder and file perrmission for everyone user, but only success event can logged into security log, the failure event ( e.g. rename / move a file ) cannot logged into security log.
Any setting need to customized so that we can take the failure event logged into security log to check it. Pls help me to solve it.
Thanks !

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Did you check all the event ID 560 and 562 that were listed. You probably have a ton
of them in the security log and that should be where you find file access
ntries. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx

"Tinsiu" <Tinsiu@discussions.microsoft.com> wrote in message
news:EBCB1E55-3AB4-4ACA-A3D1-FB298066C5CA@microsoft.com...
> My W2K DC have take all the component successl & failure in the audit setting,
> and once of W2K share folder (e.g. Test) have grant all the success & failure in
the folder and file perrmission for everyone user, but only success event can logged
into security log, the failure event ( e.g. rename / move a file ) cannot logged into
security log.
> Any setting need to customized so that we can take the failure event logged into
security log to check it. Pls help me to solve it.
> Thanks !
>