Would there be a big performance "hit" on Windows NT CPU processing, or the use of lots of disk space for creating audit records, if we turn on Registry Auditing for the following keys on DC's with numerous users:
Audit success and failure for Group
Audit access types:
Turning auditing on the Registry is a great idea -- it allows you to record the activity on the various areas in the Registry. However, extensive logging can definitely show down the system. This is because it takes some of the computer resources to write the information to the registry files. I knew someone who turned all auditing for the Registry, including when Windows ran in normal operation. This pretty much locking him out of doing any work (a weird Denial of Service!).
In your case, you are looking at only certain activity on the Registry -- mainly to see if anyone has changed the value. Based on the keys you are auditing, I would not suspect a lot of activity.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.