One of our colleague was configuring Auditing on MSSQL Server using Arcsight (more info about the tool can be found here ) and one of the steps is to create SQLTRACE folder and SHARE the folder and provided the necessary permissions for Arcsight AD user to read the SQL Trace files, and then enable the Auditing in MSSQL server and see the files are generating in the SQLTRACE folder. All went well, he could see the files but Arcsight AD user couldn’t see the files.
One thing was very sure, this is related to permissions issue but how come ? If we see the permission on the SQLTRACE it exists (right click -> properties -> security ) and even the Advanced includes “Applies To” – “This folder, subfolder and files” for that user, but the same doesn’t exits for the SQL trace files generated from MSSQL Server.
Then this magic command ICACLS actually did the trick.
Here is the actual command
icacls * /T /Q /C /RESET
That’s it ! It worked.