We have recently enabled auditing on our file server. I am noticing that we get quite a few events each time a file is created, deleted, etc. I have noted that Event ID 560 is associated with a file modification, but I also receive them for other actions. I need to be able to look at the Event Viewer and know what file was acceessed, in what way and by who. My question is: how can I definitivley tell which ID is for what action?
Thanks in advance