
[Repost] Get rid of Event ID 5156: The Windows Filtering Platform has allowed a connection

Web Digest | William | 5003 views | 0 comments

I recently ran into disk performance bottlenecks on the SQL Server database and the AOS database; the solution is recorded below.

When you install McAfee on Windows Server 2008, and probably Windows Vista also, you can get a lot of messages in your security log, like this one:

[Image: ID-5156]

Event ID 5156 means that the Windows Filtering Platform (WFP) has allowed a connection. When most connections are allowed, your security log will fill up very fast.

You can disable Object Access auditing, but then you’ll miss other events which might be of interest. So, instead, let’s just disable Success Auditing for Filtering Platform Connections. It’s not possible to disable auditing subcategories with a policy or other GUI tool, but I found out that you can enable and disable specific subcategories with a special command-line tool: Auditpol.exe, which is included with Windows Vista and Windows Server 2008. I used the following command:

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable

Alternatively, open the Group Policy editor (run gpedit.msc from cmd) and configure the policy:

[Image: Snap1]


As you can see, this disables Success auditing for the Filtering Platform Connection subcategory.
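To apply the same change with a backup and a before/after check, the following PowerShell sketch can be used. It is an added example, not part of the original article; it assumes an elevated prompt, PowerShell 2.0 or later, an English-language Windows installation (auditpol localizes its column names and values), and a backup path chosen here for illustration.

```powershell
# Added example: back up the audit policy, apply the article's auditpol command
# to one subcategory, then confirm that only Failure auditing remains.
$Subcategory = 'Filtering Platform Connection'              # subcategory named in the article
$BackupFile  = Join-Path $env:TEMP 'auditpol-backup.csv'    # assumed location, adjust as needed

function Get-SubcategorySetting {
    param([string]$Name)
    # /r prints CSV; the "Inclusion Setting" column holds one of
    # "No Auditing", "Success", "Failure" or "Success and Failure".
    $lines = auditpol /get /subcategory:"$Name" /r | Where-Object { $_.Trim() }
    if ($LASTEXITCODE -ne 0) { throw "auditpol /get failed for '$Name'" }
    ($lines | ConvertFrom-Csv).'Inclusion Setting'
}

# 1. Save the complete current policy so it can be restored with:
#    auditpol /restore /file:<path>
auditpol /backup /file:"$BackupFile" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'auditpol /backup failed (is the prompt elevated?)' }

# 2. Record the current state and change it only when it differs from the target.
$before = Get-SubcategorySetting $Subcategory
if ($before -ne 'Failure') {
    auditpol /set /subcategory:"$Subcategory" /success:disable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'auditpol /set failed' }
}

# 3. Read the setting back and report the transition.
$after = Get-SubcategorySetting $Subcategory
"{0}: '{1}' -> '{2}' (backup: {3})" -f $Subcategory, $before, $after, $BackupFile
if ($after -ne 'Failure') {
    Write-Warning "Setting is '$after', expected 'Failure'; the change did not take effect."
}
```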

For more info check out this article: http://msdn.microsoft.com/en-us/library/bb309058(VS.85).aspx
