Auditing for Files on a DC win 2k3

I've enabled success and failure for object access for the default domain GPO and the Default DC GPO as well. I've also enabled auditing for the file itself and put the group that I want auditing for in the acl and checked that auditing is enabled for that file and for that group.

Restarted more than once and have run gpupdate on both - several times.

As a test I log into client01 as a user in that group and access this file located on the dc and try to delete it - access denied - this is good since it's read only for the group.

I check the dc event log - no entries for object access at all. I check the client system and there is only one entry for security which gets wiped out everytime  a new user logs in.  I want the local machine to NOT wipe out entries and to audit the file located on the DC.

Can anyone set me straight on this one? ( no ariticles please, thanks)

Thanks in advance!
Who is Participating?
Gen2003Connect With a Mentor Commented:
If I understood you the log entry will appear if you try to open(read data) file. If you are trying to delete it you should
- Check Delete and Delete Subfolders options (in audit).
- Check log entries on DC - not on client's PC as it is a server who will log information

All Courses

From novice to tech pro — start learning today.