IIS 6.0: Logon Success Audited by Default (332112)
The information in this article applies to:
- Microsoft Internet Information Services version 6.0, when used with:
- the operating system: Microsoft Windows Server 2003
This article was previously published under Q332112 SYMPTOMSIf you are running a high volume Web site on Internet
Information Services (IIS) 6.0, the Security Event Log may fill
quickly.CAUSEThe default audit policy has been changed from earlier
versions of Microsoft Windows and now audits successful logons. For IIS, this
means every impersonation of the anonymous user account is audited.
RESOLUTIONTo disable auditing of successful logons:
- Click Start, click Run, type Secpol.msc, and then click OK.
- Expand Local Policies, and then click Audit Policy.
- Double-click Audit Logon Events, and then click to clear the Success check box.
Note If a policy has been applied at the domain, site, or
organizational unit level to enable auditing of logon success, you cannot
modify the local settings. Instead you must modify Group Policy for the domain.
| Modification Type: | Major | Last Reviewed: | 4/16/2003 |
|---|
| Keywords: | kbpending kbprb KB332112 |
|---|
|