Audit directory service access
The size of the Windows log grows with each log entry. Note the available hard disk space.
File and folder access operations can be logged in Windows. Each time a user accesses the selected files or folders, a so-called audit event is recorded in the Windows log.
Create audit policy for file and folder access:
- 1. Call up the Run dialog via the shortcut [Windows key] + [R] and enter secpol.msc. The Local Security Policy window appears.
- 2. Click on Local Policies > Audit Policy in the structure tree on the left and select the policy Audit object access.
- 3. Select the Failure check box if you only want to log unsuccessful accesses. Also select the Success check box if you also want to log successful accesses.
- 4. Right-click on the relevant file or folder and then on Properties.
- 5. Select the Security tab and then click on Advanced.
- 6. Select the Auditing tab and click on Add to create a new entry for auditing.
- 7. To set up auditing for a user or group, enter the name of the desired user or group and then select OK.
- 8. The logged entries can now be viewed in the Event Viewer, which you can call up with [Windows key] + [R] and the entry eventvwr. The entries can then be viewed under Windows Logs > Security.
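The same procedure can be scripted from an elevated PowerShell session. The following is an added example, not part of the original instructions; the folder path, the audited group and the chosen access rights are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Assumed values for illustration only; replace with your own folder and principal.
$Path      = 'C:\Data\Confidential'
$Principal = 'BUILTIN\Users'

# Steps 1-3: enable Success and Failure auditing. "File System" is the file and
# folder subcategory of "Audit object access"; it logs less than the whole category.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Steps 4-7: add an auditing entry (SACL) for the principal on the folder.
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $Principal,
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl = Get-Acl -Path $Path -Audit      # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Check how much room the Security log has before the new events start arriving.
Get-WinEvent -ListLog Security | Select-Object LogMode, MaximumSizeInBytes, FileSize

# Step 8: list audit events for the folder from the last hour.
# 4663 = access performed, 4656 = handle requested (failed attempts are logged here).
$auditFailure = 0x10000000000000       # "Audit Failure" keyword bit of the Security log
$filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Turn the event's named data fields into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.ObjectName -like "$Path*") {
        [pscustomobject]@{
            Time       = $_.TimeCreated
            EventId    = $_.Id
            Result     = if ($_.Keywords -band $auditFailure) { 'Failure' } else { 'Success' }
            User       = $data.SubjectUserName
            Object     = $data.ObjectName
            AccessMask = $data.AccessMask
            Process    = $data.ProcessName
        }
    }
} | Format-Table -AutoSize
```

Limiting the audited rights and the audited principal keeps the number of events, and with it the growth of the Security log, under control.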