Global Object Access Auditing

Applies To: Windows 7, Windows Server 2008 R2

Global Object Access Auditing policy settings allow administrators to define computer system access control lists (SACLs) per object type for either the file system or registry. The specified SACL is then automatically applied to every object of that type.

Auditors will be able to prove that every resource in the system is protected by an audit policy by just viewing the contents of the Global Object Access Auditing policy settings. For example, a policy setting "track all changes made by group administrators" shows that this policy is in effect.

Resource SACLs are also useful for diagnostic scenarios. For example, setting a Global Object Access Auditing policy setting to log all the activity for a specific user and enabling the Object Access audit policy for a resource (file system, registry) to track "access denied" events can help administrators quickly identify which object in a system is denying a user access.

Note

If both a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches either the file or folder SACL or the Global Object Access Auditing policy.

This category includes the following subcategories:

For information on configuring, planning, and using Global Object Auditing policy settings, see:

Advanced Security Audit Policy Step-by-Step Guide

Planning and Deploying Advanced Security Audit Policies

Advanced Security Auditing FAQ