How inheritance affects file and folder auditing

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you set up auditing on a parent folder, new files and subfolders that are created in that folder inherit auditing. If you do not want them to inherit auditing, click "This folder only" in the "Apply onto" box of the "Auditing Entry for File or Folder" dialog box when you set up auditing for the parent folder. To prevent only certain files or subfolders from inheriting auditing, right-click the file or subfolder, click Properties, click the Security tab, click Advanced, click the Auditing tab, and then clear the check box labeled "Inherit from parent the auditing entries that apply to child objects. Include these with entries explicitly defined here."

If the check boxes in the "Auditing Entry for File or Folder" dialog box are unavailable, or if the Remove button in "Access Control Settings" is unavailable, auditing has been inherited from the parent folder.

To make changes to inherited auditing, do one of the following:

  • Make the changes to the parent folder, and then the file or folder will inherit auditing.

  • On the Auditing tab in the "Advanced Security Settings for File or Folder" dialog box, clear the check box labeled "Inherit from parent the auditing entries that apply to child objects. Include these with entries explicitly defined here." You can then click Edit or Remove to change or remove auditing entries. However, the file or folder will no longer inherit auditing changes from the parent folder.
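
The inheritance states described above can also be checked from the command line. The following is an added example, not part of the original article: it assumes Windows PowerShell is installed and running elevated (reading auditing entries requires the "Manage auditing and security log" right), and the path D:\Shares\Finance and the function name Get-AuditInheritance are hypothetical. It lists every file and subfolder under an audited parent that does not pick up the parent's auditing, either because the inheritance check box was cleared or because the parent's entries apply to "This folder only".

```powershell
# Added example; the root path and function name are hypothetical.
param([string]$Root = 'D:\Shares\Finance')

function Get-AuditInheritance {
    param([Parameter(Mandatory = $true)][string]$Path)

    try {
        # -Audit is required; without it the auditing entries (SACL) are not read.
        $acl = Get-Acl -LiteralPath $Path -Audit -ErrorAction Stop
    }
    catch {
        # Typically means the session lacks the right to read auditing entries.
        Write-Warning "Cannot read auditing entries on '$Path': $($_.Exception.Message)"
        return
    }

    # GetAuditRules(includeExplicit, includeInherited, targetType)
    $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])

    New-Object PSObject -Property @{
        Path               = $Path
        # True when the "Inherit from parent ..." check box has been cleared.
        InheritanceBlocked = $acl.AreAuditRulesProtected
        InheritedEntries   = @($rules | Where-Object { $_.IsInherited }).Count
        ExplicitEntries    = @($rules | Where-Object { -not $_.IsInherited }).Count
    }
}

# Auditing entries on the parent. InheritanceFlags of None on a folder
# corresponds to "This folder only" in the "Apply onto" box.
(Get-Acl -LiteralPath $Root -Audit).GetAuditRules($true, $true,
        [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags,
        InheritanceFlags, IsInherited -AutoSize

# Children that receive nothing from the parent:
#   InheritanceBlocked = True  -> the check box was cleared on that object
#   InheritedEntries   = 0     -> the parent entries do not propagate to it
Get-ChildItem -LiteralPath $Root -Recurse -Force |
    ForEach-Object { Get-AuditInheritance -Path $_.FullName } |
    Where-Object { $_.InheritanceBlocked -or $_.InheritedEntries -eq 0 } |
    Format-Table Path, InheritanceBlocked, InheritedEntries, ExplicitEntries -AutoSize
```

An object that shows InheritanceBlocked as True with no explicit entries generates no audit events at all, which is the case to look for when reviewing audit coverage.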

For more information, see Auditing Security Events.