To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:
- Using Windows shares
- Using PowerShell cmdlets
- Using Global Object Access Auditing
Using Windows shares
- Right-click on the share folder that you want to audit, and select Properties.
- Click on the Security tab > Advanced, and then click on the Auditing tab. For the Everyone group, add the following entries:
| |
Principal |
Type |
Access |
Applies To |
| File/folder changes |
Everyone |
Success, Failure |
- Create files / Write data
- Create folders / Append data
- Write attributes
- Write extended attributes
- Delete subfolders and files
- Delete
|
This folder, subfolders, and files |
| Folder permission and owner changes |
Everyone |
Success, Failure |
- Take ownership
- Change permissions
|
This folder and subfolders |
