 G'day viewers, my name is Oren Thomas. I'm a principal hybrid cloud advocate at Microsoft. In this video, you'll learn about the global object access category of advanced security auditing for Windows Server. Global object access auditing policy settings allow administrators to define computer system access control lists, SACLs, the object type for the file system or for the registry. This advice is based on the documentation published on learn.microsoft.com at the link in this video's description. This video is part of a series of videos on advanced auditing and related events, the full playlist of which is linked in the video description. Some of these topics are a bit dry, but we attempt to make them so you'd be able to review information about advanced auditing in a more digestible format. As a Windows Server administrator, you should have a comprehensive understanding of advanced security auditing in Windows Server and Active Directory environments. Global object access auditing policy settings allow administrators to define computer system access control lists, SACLs, the object type for the file system or for the registry. The specified SACL is then automatically applied to every object of that type. Auditors can prove that every resource in the system is protected by an audit policy. They can do this task by viewing the contents of the global object access auditing policy settings. For example, if auditors see a policy setting called track all changes made by group administrators, they know that this policy is in effect across the system. Resource SACLs are also useful for diagnostic scenarios. For example, you want to figure out which object in a system is denying a user access. To figure this out, you can. Set the global object access auditing policy to log all the activities for that specific user. Enable the policy to track access denied events for the file system or registry. Check the event log to determine which items are generating the results. If a file or folder SACL and a global object access auditing policy setting or a single registry setting SACL and a global object access auditing policy setting are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the global object access auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the global object access auditing policy. Policies under the object access category, which we covered in another video in this series are a whole different shenanigan to policies under global object access auditing. To confuse this even more, these policies have to be used in conjunction with one another. Just another exciting conundrum in the world of event auditing, the global object access auditing category includes the following policies, file system, registry, we will cover those policies in the rest of the video. The global object access auditing, file system policy enables you to configure a global system access control list SACL on the file system for an entire computer. If you select the configure security checkbox on the policies property page, you can add a user or group to the global SACL. This user slash group addition enables you to define computer system access control lists, SACLs, the object type for the file system. The specified SACL is then automatically applied to every file system object type. If both a file or folder SACL and a global SACL are configured on a computer, the effective SACL is derived by combining the file or folder SACL and the global SACL. This SACL with such a constitution means that an audit event is generated if an activity matches either the file or folder SACL or the global SACL. This policy setting must be used in combination with the file system security policy setting under object access. Remember that policies under object access are a whole different kettle of fish to policies under global object access auditing, even if they have to be used in conjunction with one another. The global object access auditing registry policy enables you to configure a global system access control list, SACL on the registry of a computer. If you select the configure security check box on this policies property page, you can add a user or group to the global SACL. This enables you to define computer system access control lists, SACLs per object type for the registry. The specified SACL is then automatically applied to every registry object type. This policy setting must be used in combination with the registry security policy setting under the object access category of advanced auditing policies. Remember that policies under object access are a whole different kettle of fish to policies under global object access auditing, even if they have to be used in conjunction with one another. This video provided an introduction to Windows Server advanced security global object access auditing audit policies. The advice in this video is based on the documentation published on learn.microsoft.com at the link in this video's description. Increasing the security controls applied to Active Directory will improve your overall ADDS security posture that will not make your systems invulnerable. Security is always a matter of balancing what can be pragmatically accomplished by administrators in day to day operations with an assumed breach philosophy. I hope you found this video useful and informative. My name is Aaron Thomas. You can find me at aka.ms slash oren. And if you've got any questions or feedback, drop a comment below.