Ask the Expert

Will turning on Registry Auditing affect performance?

Would there be a big performance "hit" on Windows NT CPU processing, or the use of lots of disk space for creating audit records, if we turn on Registry Auditing for the following keys on DC's with numerous users:

HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsa

HKEY_LOCAL_MACHINESystemCurentControl
SetControlSecurityProviders

HKEY_LOCAL_MACHINESoftwareMicrosoft
WindowsNTCurrentVersionWinlogon

Audit success and failure for Group
Everyone.

Audit access types:
Set Value
Create Subkey
Create Link
Delete
Write DAC

Turning auditing on the Registry is a great idea -- it allows you to record the activity on the various areas in the Registry. However, extensive logging can definitely show down the system. This is because it takes some of the computer resources to write the information to the registry files. I knew someone who turned all auditing for the Registry, including when Windows ran in normal operation. This pretty much locking him out of doing any work (a weird Denial of Service!).

In your case, you are looking at only certain activity on the Registry -- mainly to see if anyone has changed the value. Based on the keys you are auditing, I would not suspect a lot of activity.

This was first published in November 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: