Tracking file/folder access

I'd like to track what files/folders a particular user accesses so I have auditing turned on for the user & files/folders I want to monitor. However, the only thing that shows up in the security logs are the 576 event id's which do not tell you the files/folders. What am I missing....
tracknutAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
floorman67Connect With a Mentor Commented:
as explained here as well as all ID codes, http://www.privacywindows.com/securityfaq/security_systems.html , event 576 is "Special privileges assigned to new logon".

here is some infor you might find useful
http://www.microsoft.com/technet/archive/winntas/support/usesecur.mspx?mfr=true


there are some 3rd party applications that can monitor in real time like filemon
http://www.sysinternals.com/Utilities/Filemon.html
0
 
tracknutAuthor Commented:
thanks...I have a user I'd like to track what folders they are accessing. Any applications that will track this and report on what they accessed?
0
 
beechfielderConnect With a Mentor Commented:
Event ID 560 tells you who opened the file, the name of the file, and what kind of access.   567 is connected and should tell you the permissions in use.  Look before the 567 event for a 560.
0
All Courses

From novice to tech pro — start learning today.