File System Object Attribute Writes Cannot Be Audited Exclusive of Reads (225246)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q225246

SYMPTOMS

Administrators cannot audit file system object attribute reads exclusive of file system object attribute writes.

CAUSE

As part of its initialization, the Access Control List (ACL) Editor tool attempts to open files with both write and read access. This occurs so the ACL Editor tool can disable those graphical user interface (GUI) elements the user does not have rights to modify. The result of this behavior is that a read and write audit is recorded for simple read events.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

MORE INFORMATION

An administrator cannot enable auditing to generate log entries only when someone attempts to change a file system object's security attributes. Every read access of a file system object attribute generates the WRITE_DAC event in the System Event log, regardless of the granularity specified.
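The behavior described under CAUSE and MORE INFORMATION can be modeled as follows. This is an added illustration, not Microsoft code. It assumes that an audit entry is generated when the object is opened, from the access mask requested, and that the user holds both rights so the open succeeds. `run_session`, `open_audit` and `indistinguishable` are hypothetical names.

```python
# Added illustration: a simplified model, not Windows source code.
# Assumption: an audit entry is written when a handle is opened, based on the
# access mask requested, not on what is later done through the handle.
READ_CONTROL = 0x00020000  # Windows standard right: read the security descriptor
WRITE_DAC = 0x00040000     # Windows standard right: modify the DACL
RIGHT_NAMES = {READ_CONTROL: "READ_CONTROL", WRITE_DAC: "WRITE_DAC"}


def open_audit(requested, success_audit_mask):
    """Return the sorted names of requested rights that the SACL audits on success."""
    hit = requested & success_audit_mask
    return sorted(name for bit, name in RIGHT_NAMES.items() if hit & bit)


def run_session(action, probes_write, success_audit_mask):
    """Model one session of a permissions viewer (hypothetical helper).

    action: "view" (only read the permissions) or "change" (modify the DACL).
    probes_write: True models the ACL Editor behavior described in CAUSE,
    where the object is opened with read and write access up front.
    """
    if action not in ("view", "change"):
        raise ValueError("action must be 'view' or 'change'")
    requested = READ_CONTROL
    if probes_write or action == "change":
        requested |= WRITE_DAC
    return open_audit(requested, success_audit_mask)


def indistinguishable(success_audit_mask):
    """True when a view and a change leave identical audit entries."""
    view = run_session("view", True, success_audit_mask)
    change = run_session("change", True, success_audit_mask)
    return view == change


if __name__ == "__main__":
    # Constructed policy: the administrator audits successful WRITE_DAC only.
    print(run_session("view", True, WRITE_DAC))    # editor, nothing changed
    print(run_session("view", False, WRITE_DAC))   # read-only open
    print(indistinguishable(WRITE_DAC))
```

In this model a WRITE_DAC entry produced by the ACL Editor does not show that permissions were changed; confirming a change requires comparing the object's security descriptor before and after.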

Modification Type: Major
Last Reviewed: 10/6/2003
Keywords: kbprb KB225246