Here are the facts:
I have a server that holds a ton of information that is accessed by 5000 employees
I want to audit object access on one folder, and one folder only
I have seen a lot of information on this subject and they all say the same thing:
Step One - Go to the group policy editor and turn on successful events for Audit Object Access
Step Two - Go to the folder I want to audit and add the group or users I want to audit, then select the "actions" you want to audit
I have already learned that doing step two without step one produces zero results. HERE IS THE REAL QUESTION: If I do step one, but don't define a folder to audit, will it start filling up my security log with stuff, OR is step two required to get any results at all?
Thanks in advance for your help.
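
The two steps described above, scripted in PowerShell as an added example that is not part of the original post. The folder path and group name are placeholders, the script must run elevated on the file server, and it enables only the File System subcategory rather than the whole Object Access category.

```powershell
# Assumptions (placeholders, not from the original post): folder path and group name.
$Folder   = 'D:\Shares\Finance'
$Identity = 'CONTOSO\Domain Users'

# Step one, scoped: enable success auditing for the File System subcategory only.
# Other Object Access subcategories are left as they are.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# Step two: build an audit entry (SACL rule) for this one folder.
# Only change-type rights are audited here; auditing reads as well would
# produce far more events with 5000 users.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$flags     = [System.Security.AccessControl.AuditFlags]::Success

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Identity, $rights, $inherit, $propagate, $flags)

# -Audit is required, otherwise Get-Acl does not return the SACL at all.
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Check both halves: the policy setting and the folder's audit entries.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize

# Review recent file access events (ID 4663) that mention the audited folder.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Folder*" } |
    Select-Object TimeCreated, Id, @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
```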