After creating a file system audit policy, the next step is to configure which of these events gets audited from the Windows client. By default, no file system accesses will be audited.
Note: Only members of the Administrators local group have the right to edit the file system audit log policy from within Windows Explorer. A user that is not a member of Administrators Local Group cannot amend the audit settings of a file or directory.
-
Right-click a folder that resides on a server file system that is configured for auditing and select
Properties, and then the
Security tab.
-
Click
Advanced and select the
Auditing tab.
-
Select
Add and select which users get audited.
For example, select
Everyone so that all users get audited.
-
A box pops up and allows you to specify which events are to be audited for the specified user.
-
You can choose to audit
Successful,
Failed, or
both for each access type.