File System Object Attribute Writes Cannot Be Audited Exclusive of Reads (225246)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional
This article was previously published under Q225246 SYMPTOMS
Administrators cannot audit file system object attribute reads exclusive of file system object attribute writes.
CAUSE
As part of its initialization, the Access Control List (ACL) Editor tool attempts to open files with both write and read access. This occurs so the ACL Editor tool can disable those graphical user interface (GUI) elements the user does not have rights to modify. The result of this behavior is that a read and write audit is recorded for simple read events.
STATUSMicrosoft has confirmed that this is a problem in Microsoft Windows 2000.
MORE INFORMATION
An administrator cannot enable auditing to generate log entries only when someone attempts to change a file system object's security attributes. Every read access of a file system object attribute generates the WRITE_DAC event in the System Event log, regardless of the granularity specified.
Modification Type: | Major | Last Reviewed: | 10/6/2003 |
---|
Keywords: | kbprb KB225246 |
---|
|