Windows Server Native CLI Tools for Getting/Setting SACLs?

I have auditing enabled on a lot of directories and files.  In many cases I am finding objects are configured for inheritance, yet the audit settings from the parent object are not being applied.  If I remove and reapply inheritance via Windows Explorer, the correct audit settings get applied.  I need a way to search for all of the objects with the incorrect audit settings so they can be corrected.

Example:

E:\SharedFolder\ has an audit setting of DOMAIN\Domain Users:This folder, subfolders and files:Full Control:Successful,Failed

E:\SharedFolder\Folder1 has "Include inheritable auditing entries from this object's parent" checked, but the only ACE is Everyone:This folder, subfolders and files:Full Control:Successful,Failed and it is an "inherited" entry (vs. explicitly defined).

I have millions of files that are DFS replicated, so I do not simply want to go through all of the top-level directories and re-apply the desired SACLs and have this trigger replication of all of that data.  I want to fix the hundreds (or thousands) of incorrectly configured directories.

-Jeff

March 31st, 2015 1:34pm

Hi Jeff,

I'm afraid that there is no simple way to "refresh all audit settings" - we may still have to do this per folder.

However, with PowerShell it may be a little easier than in the GUI.

http://blogs.technet.com/b/bulentozkir/archive/2009/12/26/bir-dizinde-folder-everyone-i-in-auditing-i-aktif-eden-rnek-powershell-scripti.aspx

The above article provides the steps to set auditing on a folder via PowerShell cmdlets. This page provides a detailed explanation of each cmdlet.

You can output all shared folders which need to be audited, then set up a script to run the PowerShell cmdlets and replace the $Path with each shared folder.

April 1st, 2015 3:27am
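
One way to find the folders described in the question, as an added example that is not part of the original thread: it reads each subfolder's SACL with `Get-Acl -Audit` and reports folders whose inherited audit entries differ from what the immediate parent would pass down. `$Root` and the helper function names are assumptions made for illustration.

```powershell
# Added example: read-only scan, nothing on disk is modified.
# Run elevated: reading a SACL needs the "Manage auditing and security log" right.
$Root = 'E:\SharedFolder'   # assumption: path taken from the question's example
$Sid  = [System.Security.Principal.SecurityIdentifier]
$ContainerInherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

function Get-AuditKey {
    param($Rule)
    # Trustee SID + rights + Success/Failure flags identify one audit entry.
    # Assumption: entries are compared on these three fields only.
    '{0}|{1}|{2}' -f $Rule.IdentityReference.Value, $Rule.FileSystemRights, $Rule.AuditFlags
}

function Get-ExpectedInheritedKey {
    param([string]$ParentPath)
    $parentAcl = Get-Acl -LiteralPath $ParentPath -Audit
    # Explicit and inherited entries on the parent that flow down to subfolders
    $parentAcl.GetAuditRules($true, $true, $Sid) |
        Where-Object { $_.InheritanceFlags.HasFlag($ContainerInherit) } |
        ForEach-Object { Get-AuditKey $_ }
}

$cache = @{}   # parent path -> expected keys, so each parent SACL is read once
$report = Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName -Audit
        # Inheritance switched off on this folder: nothing is expected, skip it
        if ($acl.AreAuditRulesProtected) { return }

        $parent = $dir.Parent.FullName
        if (-not $cache.ContainsKey($parent)) {
            $cache[$parent] = @(Get-ExpectedInheritedKey -ParentPath $parent)
        }
        $expected = $cache[$parent]
        # Only the entries this folder holds as inherited (not explicit ones)
        $actual = @($acl.GetAuditRules($false, $true, $Sid) | ForEach-Object { Get-AuditKey $_ })

        $missing = @($expected | Where-Object { $_ -notin $actual })
        $extra   = @($actual   | Where-Object { $_ -notin $expected })
        if ($missing.Count -or $extra.Count) {
            [pscustomobject]@{
                Path       = $dir.FullName
                Missing    = $missing -join '; '   # parent has it, child lacks it
                Unexpected = $extra -join '; '     # child has it, parent does not
            }
        }
    }
$report | Format-Table -AutoSize -Wrap
```

Each folder is compared with its immediate parent only, and trustees are shown as SIDs; the resulting list is what would then be corrected folder by folder, as the reply suggests.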

This topic is archived. No further replies will be accepted.
