Re: Root password, sure, but why wasn't the data encrypted?
Because with Windows releases up to Server 2000 don't distinguish between actually reading a file and opening a folder. Open a folder on a Windows 2000 file server and for every file in that folder you get a read hit for the AD account that opened the folder. Also every sub-folder and every file in every sub-folder will generate a read event. So many events are generated that you need to up the hard disk requirement by 50% just to record the events, let alone attempt to generate a decent alert or two, instead of 1,000s.