34,333
edits
Changes
no edit summary
== Enabling File and Folder Auditing ==
File and folder auditing is enabled and disabled using either Group Policy (for auditing domains, sites and organizational units) or local security policy (for single servers). To enable file and folder auditing for a singe single server, select ''Start -> All Programs -> Administrative Tools -> Local Security Policy''. In the Local Security Policy tool, expand the ''Local Policies'' branch of the tree and select ''Audit Policy''.
Use the drop down list to control whether the auditing setting is to be applied to the current file or folder, or whether it should propagate down to all children files and/or sub-folders. Finally, select which types of access are to be audited and, for each type, whether successful, failed or both kinds of attempt are to be audited. Once configured, click on ''OK'' to dismiss current dialog and then ''Apply'' the new auditing settings in the ''Auditing EntiresEntries'' dialog.
From this point on, access attempts on the selected file or folder by the specified users and groups of the types specified will be recorded in the server's security logs which may be accessed using the Events Viewer, accessible from ''Computer Management''.
