Will turning on Registry Auditing affect performance?
Would there be a big performance "hit"
on Windows NT CPU processing, or the use
of lots of disk space for creating audit
records, if we turn on Registry
Auditing for the following keys on DC's
with numerous users:
Audit success and failure for Group
Audit access types:
Turning auditing on the Registry is a great idea -- it allows you to record
the activity on the various areas in the Registry. However, extensive
logging can definitely show down the system. This is because it takes some
of the computer resources to write the information to the registry files. I
knew someone who turned all auditing for the Registry, including when
Windows ran in normal operation. This pretty much locking him out of doing
any work (a weird Denial of Service!).
In your case, you are looking at only certain activity on the Registry --
mainly to see if anyone has changed the value. Based on the keys you are
auditing, I would not suspect a lot of activity.
This was first published in November 2001