Logging file access
- Thread starter Baz
- Start date
You need to enable auditing in a policy. Either local policy (gpedit.msc) or group policy assigned to an OU containing the server.
Computer config - Windows settings - security settings - local policies - audit policy.
Enable auding of object access for sucess and failure.
Then, on the folder you want to audit, select properties, security, advanced then audit. Add the users you want to audit (or a group containing everyone) and select the events you want to log.
The audit will be written to the security log of the server, which you can then export to CSV if you want to do anything with it. Be warned though, the security log file may fill up quickly so check the size and retention settings for it!
Computer config - Windows settings - security settings - local policies - audit policy.
Enable auding of object access for sucess and failure.
Then, on the folder you want to audit, select properties, security, advanced then audit. Add the users you want to audit (or a group containing everyone) and select the events you want to log.
The audit will be written to the security log of the server, which you can then export to CSV if you want to do anything with it. Be warned though, the security log file may fill up quickly so check the size and retention settings for it!
