Does anyone know how to make Windows 2003 identify a specific user each time that person accesses a share on a file server? The Audit Policy is set so that "Audit account logon event" and "Audit account management" and "Audit logon events" are all set to record Success and Failure. We also have "Audit object access" set to record failure. But when I view the Security log, I get very few actual user names and a ton of ANONYMOUS LOGON entries. For everyday business, we don't need to record each file/folder access, just when a user connects/disconnects to a share. The ANONYMOUS LOGON entries don't record a username. This is on a domain member server, so each user is authenticating to the DC, not to the local SAM.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!