wntAuditAdd and inheritance
Keywords: wntAuditAdd
Question
I am using WinBatch to set audit records for U: and W: on an NT 4.0 server. The script runs fine; it set auditing on each folder and file as well as each subfolder. The problem that I had is that, on the NT system where I ran the script, when I manually create a new subfolder or file, the audit setting did not inherit or recurse into its child folder.
Answer
The inheritance problem had to do with some undocumented flags. You were specifying the access flag 128, which is the FAILED_ACCESS_ACE_FLAG. But you can also specify some inheritance flags.

Here are those undocumented flags.... You can specify additional flags, by combining them with the bitwise OR ('|') operator. These are the inherit flags.

1 OBJECT_INHERIT_ACE: Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

2 CONTAINER_INHERIT_ACE: Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

4 NO_PROPAGATE_INHERIT_ACE: If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.

8 INHERIT_ONLY_ACE: Windows 2000: Indicates that the ACE was inherited. The system sets this bit when it propagates an inherited ACE to a child object.

We think that all you will need to change is the access flag from 128 to 131.
We have since updated our documentation to reference these flags.
Article ID: W14646
Filename: wntauditadd and inheritance.txt
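
The following Python sketch is an added example, not part of the original article and not WinBatch code. It models how the flag values listed above reach newly created folders and files, showing why 128 leaves new children unaudited while 131 propagates. The function names are hypothetical, and the case of OBJECT_INHERIT_ACE combined with NO_PROPAGATE_INHERIT_ACE on a folder child (nothing inherited) is an assumption taken from the standard Windows ACE inheritance rules rather than from this page.

```python
# ACE flag values exactly as listed in the article above.
OBJECT_INHERIT_ACE = 1
CONTAINER_INHERIT_ACE = 2
NO_PROPAGATE_INHERIT_ACE = 4
INHERIT_ONLY_ACE = 8
FAILED_ACCESS_ACE_FLAG = 128
INHERIT_BITS = 1 | 2 | 4 | 8

NAMES = {1: "OBJECT_INHERIT_ACE", 2: "CONTAINER_INHERIT_ACE",
         4: "NO_PROPAGATE_INHERIT_ACE", 8: "INHERIT_ONLY_ACE",
         128: "FAILED_ACCESS_ACE_FLAG"}


def describe(flags):
    """Names of the known bits set in an ACE flag value."""
    return [name for bit, name in NAMES.items() if flags & bit]


def inherited_flags(parent_flags, child_is_folder):
    """Flags of the audit ACE a newly created child receives, or None."""
    if parent_flags is None:
        return None
    audit = parent_flags & ~INHERIT_BITS          # e.g. FAILED_ACCESS_ACE_FLAG
    oi = parent_flags & OBJECT_INHERIT_ACE
    ci = parent_flags & CONTAINER_INHERIT_ACE
    if not child_is_folder:
        # Files inherit only through OBJECT_INHERIT_ACE, as an effective ACE.
        return audit if oi else None
    if not (oi or ci):
        return None
    if parent_flags & NO_PROPAGATE_INHERIT_ACE:
        # One generation only: inherit bits are cleared in the child's ACE.
        return audit if ci else None
    # Without CONTAINER_INHERIT_ACE the folder only carries the ACE for its files.
    return audit | oi | ci | (0 if ci else INHERIT_ONLY_ACE)


def trace(root_flags, kinds):
    """Flags at each generation for a chain such as "DDF" (D=folder, F=file)."""
    result, flags = [], root_flags
    for kind in kinds:
        flags = inherited_flags(flags, kind == "D")
        result.append(flags)
    return result


if __name__ == "__main__":
    for value in (128, 131, 135, 129):            # constructed sample values
        print(value, describe(value), trace(value, "DDF"))
```

A `None` entry in the trace means a child created at that level carries no audit ACE, which is a quick way to check a flag value before applying it to a share.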