Auditing Entry Dialog Box
Applies To: Windows Server 2008
Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).
A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following:
The group or user accounts to audit when they access the object.
The operations to be audited for each group or user, for example, modifying a file.
A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL.
You can apply auditing to an object, and, through inheritance, the auditing can apply to any child objects. For example, if you want to audit failed access to a folder, this auditing event can be inherited by all files within the folder.
To audit files and folders, you must be logged on as a member of the Administrators group.
Item | Description |
---|---|
Apply onto |
The object or all the parent and child relationships of that object. You can also apply the auditing entries to objects or containers within the container. |
Access |
The type of access permitted as listed by each individual permission. |
Successful |
Apply onto this object when accessed successfully for each individual permission. |
Failed |
Apply onto this object when access fails for each individual permission. |
Additional references