Microsoft KB Archive/225246

= File System Object Attribute Writes Cannot Be Audited Exclusive of Reads =

Article ID: 225246

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q225246



SYMPTOMS
Administrators cannot audit file system object attribute reads exclusive of file system object attribute writes.



CAUSE
As part of its initialization, the Access Control List (ACL) Editor tool attempts to open files with both write and read access. This occurs so the ACL Editor tool can disable those graphical user interface (GUI) elements the user does not have rights to modify. The result of this behavior is that a read and write audit is recorded for simple read events.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Windows 2000.



MORE INFORMATION
An administrator cannot enable auditing to generate log entries only when someone attempts to change a file system object's security attributes. Every read access of a file system object attribute generates the WRITE_DAC event in the System Event log, regardless of the granularity specified.

Keywords: kbprb KB225246

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.