Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

File System Auditing option in the Security Templates in MMC is confusing


View products that this article applies to.

Source: Microsoft Support

↑ Back to the top


Rapid publishing

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

↑ Back to the top


On Windows Server 2003 and Windows Server 2008 machines, when you set the audit flag by GPO, the audit setting applies on a file with the scope of "files only." �When this GPO is applied, audit is not set on the file. If we use Security Templates�in MMC�to create a template with the audit setting, the same issue occurs.

↑ Back to the top


Cause



Apply onto Applies permissions to current folder Applies permissions to subfolders in current folder Applies permissions to files in current folder Applies permissions to all subsequent subfolders Applies permissions to files in all subsequent subfolders

This folder only X

The folder, subfolders and files X x x x x

This folder and subfolders X x x

This folder and files X x x

Subfolders and files only x x x x

Subfolders only x x

Files only x x

Based on the documentation, "Files only" applies to files in the current folder (not the file itself). So the SDDL generated by group policy editor is correct.

To set the permission on the file, we should use "This folder only."� The wording is misleading.

↑ Back to the top


Resolution



Use "This folder only" instead of "Files only" when setting the audit flag.

↑ Back to the top


More information

  1. On a Win2K8 machine, open the Security Template MMC.
  2. Create a new template
  3. Select File System
  4. Add a file to audit
  5. Select advanced setting
  6. Select Audit
  7. Select a user and choose apply to "Files only"

    ↑ Back to the top


    Disclaimer

    MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE �MATERIALS�) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

    TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

    ↑ Back to the top


    Keywords: kbnosurvey, kbarchive, kbnomt, kbrapidpub, KB958002

    ↑ Back to the top

    Article Info
    Article ID : 958002
    Revision : 1
    Created on : 1/14/2015
    Published on : 1/14/2015
    Exists online : False
    Views : 351