Export (0) Print
Expand All

Global Object Access Auditing

Updated: July 15, 2010

Applies To: Windows 7, Windows Server 2008 R2

Global Object Access Auditing policy settings allow administrators to define computer system access control lists (SACLs) per object type for either the file system or registry. The specified SACL is then automatically applied to every object of that type.

Auditors will be able to prove that every resource in the system is protected by an audit policy by just viewing the contents of the Global Object Access Auditing policy settings. For example, a policy setting "track all changes made by group administrators" shows that this policy is in effect.

Resource SACLs are also useful for diagnostic scenarios. For example, setting a Global Object Access Auditing policy setting to log all the activity for a specific user and enabling the Object Access audit policy for a resource (file system, registry) to track "access denied" events can help administrators quickly identify which object in a system is denying a user access.

noteNote
If both a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches either the file or folder SACL or the Global Object Access Auditing policy.

This category includes the following subcategories:

For information on configuring, planning, and using Global Object Auditing policy settings, see:

Advanced Security Audit Policy Step-by-Step Guide

Planning and Deploying Advanced Security Audit Policies

Advanced Security Auditing FAQ

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft