Share via

Object Access

Applies To: Windows 7, Windows Server 2008 R2

Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate Object Access auditing subcategory for success and/or failure events. For example, the File System subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses. Proving that these audit policies are in effect to an external auditor is even more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see Global Object Access Auditing. This category includes the following subcategories:

For more information about audit events that are generated by Object Access audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (