No events are logged in the Security log for the root of the mounted volume when you configure auditing for a mount point folder in Windows Server 2003 (922696)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition

SYMPTOMS

Consider the following scenario. On a Microsoft Windows Server 2003-based computer, you mount a volume to an empty folder on an NTFS file system volume. You configure auditing for the mount point folder. Events are logged in the Security log for the mount point folder. However, no events are logged in the Security log for the root of the mounted volume. Additionally, when you configure auditing for the mount point folder, you do not receive any notification about this issue.

CAUSE

This issue occurs because you cannot configure auditing across a mount point. Auditing settings cannot be inherited from the mount point folder to the root of the mounted volume.

RESOLUTION

To resolve this issue, configure auditing directly for the root of the mounted volume.

MORE INFORMATION

For more information about a similar issue that you may experience when you work with mounted volumes in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

832234 You cannot apply permissions to the root directory of an NTFS file system volume in Windows Server 2003

Modification Type:MajorLast Reviewed:7/14/2006
Keywords:kbtshoot kbExpertiseInter kbprb KB922696 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.