Auditing settings on objects
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).
A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following:
The group or user accounts to audit when they access the object.
The operations to be audited for each group or user, for example, modifying a file.
A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL.
You can apply auditing to an object, and, through inheritance, the auditing can apply to any child objects. For example, if you want to audit failed access to a folder, this auditing event can be inherited by all files within the folder. For more information, see How inheritance affects file and folder auditing.
To audit files and folders, you must be logged on as a member of the Administrators group.
For more information about auditing, see Auditing Security Events.