Q

Will turning on Registry Auditing affect performance?

Would there be a big performance "hit" on Windows NT CPU processing, or the use of lots of disk space for creating audit records, if we turn on Registry Auditing for the following keys on DC's with numerous users:

HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsa

HKEY_LOCAL_MACHINESystemCurentControl
SetControlSecurityProviders

HKEY_LOCAL_MACHINESoftwareMicrosoft
WindowsNTCurrentVersionWinlogon

Audit success and failure for Group
Everyone.

Audit access types:
Set Value
Create Subkey
Create Link
Delete
Write DAC

Turning auditing on the Registry is a great idea -- it allows you to record the activity on the various areas in the Registry. However, extensive logging can definitely show down the system. This is because it takes some of the computer resources to write the information to the registry files. I knew someone who turned all auditing for the Registry, including when Windows ran in normal operation. This pretty much locking him out of doing any work (a weird Denial of Service!).

In your case, you are looking at only certain activity on the Registry -- mainly to see if anyone has changed the value. Based on the keys you are auditing, I would not suspect a lot of activity.

This was first published in November 2001

Dig deeper on Windows legacy operating systems

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close