When you use Windows Server 2003 to mount a volume to an empty folder in an NTFS volume and configure auditing for the mount point folder, events are logged in the Security log, but events are not logged for the root of the mounted volume.

This behavior occurs because auditing settings are not inherited from the mount point folder to the root of the mounted volume.

To workaround this problem, also configure auditing for the root of the mounted volume.

NOTE See You cannot apply permissions to the root directory of an NTFS file system volume in Windows Server 2003