My goal is to have a failed security log to post in the event viewer when someone tries to access a folder or file they do not have access to. I enabled 'failed' file audits for the 'everyone' group. I set the option 'List/Folder Read Data'. Shouldn't this simply place an entry in my security log when someone is denied access to a folder or file? I'm getting all kind of failed security logs when people are successfully accessing files. Why is it logging successful attempts to files and folders?