Auditing Entry Dialog Box

Applies To: Windows 7, Windows Server 2008 R2

Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).

A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following:

  • The group or user accounts to audit when they access the object.

  • The operations to be audited for each group or user; for example, modifying a file.

  • A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL.

You can apply auditing to an object, and any child objects can inherit the auditing. For example, if you want to audit failed access to a folder, this auditing event can be inherited by all files within the folder.

To audit files and folders, you must be logged on as a member of the Administrators group.

Item Description

Apply onto

The object or all the parent and child relationships of that object. You can also apply the auditing entries to objects or containers within the container.

Access

The type of access permitted as listed by each individual permission.

Successful

Apply onto this object when accessed successfully for each individual permission.

Failed

Apply onto this object when access fails for each individual permission.

Additional references