Remove dependancy on the security log
Right now the file audit portion of ADAudit relies on SACLs and the security log of the file server which is horribly inefficient. Opening a single file creates over 50 log entries (and they all show up in ADAudit).
Can you look into creating a small filter driver agent that can do event correlation so opening a file will only create one entry?
New to ADSelfService Plus?