With Global Object Access Auditing, administrators can define computer system access control lists (SACLs) per object type for either the file system or registry. The specified SACL is then automatically applied to every object of that type.
Auditors will be able to prove that every resource in the system is protected by an audit policy by just viewing the contents of the Global Object Access Auditing policy setting. For example, a policy setting "track all changes made by group administrators" will be enough to show that this policy is in effect.
Resource SACLs are also useful for diagnostic scenarios. For example, setting a Global Object Access Auditing policy to log all the activity for a specific user and enabling the Access Failures audit policies in a resource (file system, registry) will help administrators quickly identify which object in a system is denying a user access.
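The diagnostic scenario above, sketched with `auditpol` from an elevated PowerShell session. This is an added example, not part of the original documentation. The account `CONTOSO\jdoe` is a constructed placeholder, and the choice of event 4656 (handle request) with the Audit Failure keyword to find denied objects is an assumption about which log records to review.

```powershell
# Added example; CONTOSO\jdoe is a constructed placeholder account.
$User = 'CONTOSO\jdoe'

# 1. Global file-system SACL: audit every failed access attempt by this user.
#    FA = FILE_ALL_ACCESS, so any denied right matches the SACL.
auditpol /resourceSACL /set /type:File /user:$User /failure /access:FA

# 2. The global SACL only produces events while the matching Object Access
#    subcategory is enabled; record the current state first so it can be
#    restored afterwards.
auditpol /get /subcategory:"File System"
auditpol /set /subcategory:"File System" /failure:enable

# 3. Confirm what is now in effect.
auditpol /resourceSACL /type:File /view

# 4. After the user reproduces the problem, list each object that denied access.
$AuditFailure = 4503599627370496          # Keywords bit for "Audit Failure"
$Name = ($User -split '\\')[-1]
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656; Keywords = $AuditFailure } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields of the event into a hashtable.
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = $d.SubjectUserName
            Object     = $d.ObjectName
            Process    = $d.ProcessName
            AccessMask = $d.AccessMask
        }
    } |
    Where-Object User -eq $Name |
    Sort-Object Object -Unique |
    Format-Table -AutoSize

# 5. Remove the diagnostic SACL entry once the denying object is identified.
auditpol /resourceSACL /remove /type:File /user:$User
```

For registry access, the same steps apply with `/type:Key`, the `Registry` subcategory, and the registry access flags (for example `KA`).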
Note
If both a file or folder SACL and a Global Object Access Auditing policy (or a single registry setting SACL and a Global Object Access Auditing policy) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches either the file or folder SACL or the Global Object Access Auditing policy.