deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 14:23:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3282 from MicrosoftDocs/repo_sync_working_branch

Browse Source 
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Gary Moore
2020-07-13 14:24:51 -07:00
committed by GitHub
parent eb94039a2e 916f29f16b
commit fc072d1c3e
3 changed files with 26 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/security/threat-protection/auditing/basic-audit-object-access.md
View File

@ -28,7 +28,8 @@ If you define this policy setting, you can specify whether to audit successes, a
To set this value to **No auditing**, in the **Properties** dialog box for this policy setting, select the Define these policy settings check box and clear the **Success** and **Failure** check boxes.
> **Note:** You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box.
> [!NOTE]
> You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box.
**Default:** No auditing.
@ -41,10 +42,10 @@ You can configure this security setting by opening the appropriate policy under
|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 560 | Access was granted to an already existing object. |
| 562 | A handle to an object was closed. |
| 563 | An attempt was made to open an object with the intent to delete it.<br>\*\*Note: \*\* This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile(). |
| 563 | An attempt was made to open an object with the intent to delete it.<br>**Note:** This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile(). |
| 564 | A protected object was deleted. |
| 565 | Access was granted to an already existing object type. |
| 567 | A permission associated with a handle was used.<br>\*\*Note: \*\* A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. |
| 567 | A permission associated with a handle was used.<br>**Note:** A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. |
| 568 | An attempt was made to create a hard link to a file that is being audited. |
| 569 | The resource manager in Authorization Manager attempted to create a client context. |
| 570 | A client attempted to access an object.<br>**Note:** An event will be generated for every attempted operation on the object. |