This shouldn't really be a problem, but for some odd reason, we are having problems enabling file access auditing on one of our Windows machines.
The server is an Active Directory member server. An audit policy has been created on the folder (auditing "everyone" - full control (failed and successful) including all files and subfolders, and having been inherited to the child folders). In addition, failed, and successful object access has been enabled in the local security policy of the machine. No group policys define this value otherwise. The partition on which the folder to to be audited resides is formatted as an NTFS parition.
For everything done on this machine, we get hundreds of log entries. The only problem is, that which we want logged is not being logged - who touched what file and how they accessed it (at least the file name and path are seen nowhere in any entry).
I've done enough troubleshooting, (re)read MSDN articles, etc.
- it applies for XP, but the method is the same)
Does anyone have any ideas what the problem might be and if there are any other options that affect these settings?