How to change the "Applies To" field under folder auditing options programatically (.NET)

Question

I am trying to set the "Applies To" field under folder auditing options programatically. In MSDN, the code example there uses the FileSystemAuditRule class to add a new audit rule to a folder. There is nothing obvious in this class to set what the particular audit rule needs to be applied to.

This is the code I am using to set some permissions:

const string myFolder = @"S:\Temp\SomeFolderToAudit";

var account = new SecurityIdentifier(WellKnownSidType.WorldSid, null).Translate(typeof(NTAccount));

FileSecurity fSecurity = File.GetAccessControl(myFolder, AccessControlSections.Audit);

fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, AuditFlags.Success));

File.SetAccessControl(myFolder, fSecurity);

This creates the audit rules nicely except for the highlighted option below:

I need this to be "This folder, subfolders and files" for example or anything other than "This folder only". I don't want to traverse all directories and files and set the same auditing rules on them. I don't want to try and manage inheritance either, the rules will be protected from that. I simply need a way to set this option preferably using managed code (P/Invokes are welcome if this is the only way).

Thanks in advance for any assistance.

Answer 1

After a bit of fiddling around I managed to find out how to set the "Applies to" field. You need to use a combination of InheritanceFlags and PropagationFlags when creating your audit rule object.

Here is the example code (based on the question example) that shows you the combinations of flags and what their outcomes are to the "Applies to" field:

// This folder only (default)
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AuditFlags.Success));
// This folder and subfolders
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit, PropagationFlags.None, AuditFlags.Success));
// This folder and files
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ObjectInherit, PropagationFlags.None, AuditFlags.Success));
// This folder, subfolders and files
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AuditFlags.Success));
// Subfolders only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AuditFlags.Success));
// Files only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AuditFlags.Success));
// Subfolders and files only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AuditFlags.Success));

This information and much more on access control can be found on this very useful page by Michael Taylor.