Doing this saves you from repeating these steps for each file. Note: If you want to track multiple files, put them into one, two or more folders to enable their auditing easily. The file’s properties window appears on the screen. Right-click the file and select “Properties” from the context menu.Open “Windows Explorer” and navigate to the file or folder that you want to audit.Step 2 – Set auditing on the files that you want to trackĪfter configuring GPO, you have to set auditing on each file individually, or on folders that contain the files.
WINDOWS SERVER 2008 SECURITY AUDITING UPDATE
To immediately update the Group Policy instead of waiting for it to auto update, run the following command in the “Command Prompt”:.Click “Apply” and “OK” to close the window.In our case, we have selected both the options because we want to audit both the successful and the failed attempts. It is recommended to select both options. Select any one or both the options as per requirement.The former lets you audit successful attempts made to access the objects, whereas the latter lets you audit failed attempts. Then, you get two options to audit – “Success” and “Failure”. On this window, click “Define these policy settings” checkbox.Double-click “Audit object access” policy to open its “Properties”.įigure 2: Properties of Audit Object Access Policy.All the available policies under “Audit Policy” are displayed in the right panel. For that, navigate to “Computer Configuration” → “Windows Settings” → “Security Settings” → “Local Policies” → “Audit Policy”.
For that, on the primary “Domain Controller”, or on the system where “Administration Tools” is installed, type “gpmc.msc” in the “Run” dialog box, and click “OK”. Launch “Group Policy Management” console.Step 1 – Set ‘Audit Object Access’ audit policyįollow these steps one by one to enable “Audit object access” audit policy: