When networking shared resources, you should audit the individual folders you are sharing out. This allows you to ‘see’ who is using the folders and how files are being manipulated.
How to Audit User Access of Files, Folders, and Printers
The audit log appears in the Security log in Event Viewer. To enable logging:
- Click Start, go to the Control Panel, click on Performance and Maintenance, and click Administrative Tools.
- Open the Local Security Policy.
- In the left pane, double-click Local Policies.
- Click Audit Policy to display the individual policy settings.
- Click Audit object access.
- Select the Success check box on items you would like to monitor.
- Select the Failure check box on items you would like to monitor.
- You can select both check boxes to audit Success and Failures.
- Click OK.
How to Specify Files, Folders, and Printers to Audit
Once you enable auditing, you can specify the files, folders, or printers that you want audited. :
- Locate the file or folder you want to audit. To audit a printer, locate it by clicking Start, and clicking Printers and Faxes.
- Right-click the file, folder, or printer you want to monitor (audit) , click Properties.
- Click on the Security tab, and click the advanced button.
- Click on the Auditing tab, and click on add.
- Clicking Advanced, and click Find Now -navigate to the person or group you would like to audit.
- Click OK.
- Select the Successful or Failed check boxes (select the ones you want)click OK.
- Click OK, click OK.