Auditing system impact on performance

UPDATE 2010-06-06 (EricF) – Fixed Vista+ architecture image; link was broken on migration to new blog platform

I get questions from time to time, such as my recent offline question from Steve, about what performance impact auditing has on the system as a whole. To answer this you need to understand a couple of things:…

Mapping pre-Vista Security Event IDs to Security Event IDs in Vista+

I’ve written twice (here and here) about the relationship between the “old” event IDs (5xx-6xx) in WS03 and earlier versions of Windows and the “new” security event IDs (4xxx-5xxx) in Vista and beyond. In short, EventID(WS03) + 4096 = EventID(WS08) for almost all security events in WS03. The exceptions are the logon events. The logon…
