Auditing User Access of Files, Folders, and Printers
The audit log appears in the Security log in Event Viewer. To enable this feature:
- Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.
- Double-click Local Security Policy.
- In the left pane, double-click Local Policies to expand it.
- In the left pane, click Audit Policy to display the individual policy settings in the right pane.
- Double-click Audit object access.
- To audit successful access of specified files, folders and printers, select the Success check box.
- To audit unsuccessful access to these objects, select the Failure check box.
- To enable auditing of both, select both check boxes.
- Click OK.
Specifying Files, Folders, and Printers to Audit
After you enable auditing, you can specify the files, folders, and printers that you want audited. To do so:
- In Windows Explorer, locate the file or folder you want to audit. To audit a printer, locate it by clicking Start, and then clicking Printers and Faxes.
- Right-click the file, folder, or printer that you want to audit, and then click Properties.
- Click the Security tab, and then click Advanced.
- Click the Auditing tab, and then click Add.
- In the Enter the object name to select box, type the name of the user or group whose access you want to audit. You can browse the computer for names by clicking Advanced, and then clicking Find Now in the Select User or Group dialog box.
- Click OK.
- Select the Successful or Failed check boxes for the actions you want to audit, and then click OK.
- Click OK, and then click OK.