Microsoft KB Archive/332112

= IIS 6.0: Logon Success Audited by Default =

Article ID: 332112

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 6.0, when used with:
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



This article was previously published under Q332112



SYMPTOMS
If you are running a high volume Web site on Internet Information Services (IIS) 6.0, the Security Event Log may fill quickly.



CAUSE
The default audit policy has been changed from earlier versions of Microsoft Windows and now audits successful logons. For IIS, this means every impersonation of the anonymous user account is audited.



RESOLUTION
To disable auditing of successful logons:
 * 1) Click Start, click Run, type Secpol.msc, and then click OK.
 * 2) Expand Local Policies, and then click Audit Policy.
 * 3) Double-click Audit Logon Events, and then click to clear the Success check box.

Note If a policy has been applied at the domain, site, or organizational unit level to enable auditing of logon success, you cannot modify the local settings. Instead you must modify Group Policy for the domain.

Additional query words: iis 5

Keywords: kbpending kbprb KB332112

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.