Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).
A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following:
- The group or user accounts to audit when they access the object.
- The operations to be audited for each group or user; for example, modifying a file.
- A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL.
You can apply auditing to an object, and any child objects can inherit the auditing. For example, if you want to audit failed access to a folder, this auditing event can be inherited by all files within the folder.
To audit files and folders, you must be logged on as a member of the Administrators group.
Item | Description |
---|---|
Apply onto | The object or all the parent and child relationships of that object. You can also apply the auditing entries to objects or containers within the container. |
Access | The type of access permitted as listed by each individual permission. |
Successful | Apply onto this object when accessed successfully for each individual permission. |
Failed | Apply onto this object when access fails for each individual permission. |
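The following PowerShell sketch is an added example, not part of the original page. It sets one auditing entry on a folder and shows how the table's items map to the .NET `FileSystemAuditRule` arguments. The folder `C:\AuditDemo`, the file name `child.txt` and the audited principal `Everyone` are assumptions chosen for illustration.

```powershell
# Added example. Run in an elevated session as a member of the
# Administrators group; reading or writing a SACL fails otherwise.
$path      = 'C:\AuditDemo'   # hypothetical folder
$principal = 'Everyone'       # assumed group or user account to audit

New-Item -ItemType Directory -Path $path -Force | Out-Null

# "Access": the operations to audit for that principal.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete'

# "Apply onto": this folder, its subfolders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

# "Failed": audit only access attempts that the DACL denies.
# Use 'Success' or 'Success, Failure' for the "Successful" column.
$flags = [System.Security.AccessControl.AuditFlags]::Failure

$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $principal, $rights, $inherit, $propagate, $flags)

# -Audit makes Get-Acl return the SACL along with the DACL.
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Inheritance check: a file created in the folder receives the entry,
# reported with IsInherited = True.
$child = Join-Path $path 'child.txt'
New-Item -ItemType File -Path $child -Force | Out-Null

(Get-Acl -Path $child -Audit).GetAuditRules(
    $true,   # include explicit entries
    $true,   # include inherited entries
    [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited
```

The SACL only selects what is audited; events are written to the Security log only when object access auditing is also enabled in the audit policy.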