What I want is;
I want to audit followings for files and folders in our two domain controllers, but not other computers.
1. audit file and folder access
2. audit changing of permissions for folders and files
I turned on 'Audit object access' and 'Audit privilege usage' in Control panel/administrative tools/Domain Controller Security Policy. Then, I changed permission of a folder on the server through network, it doesn't record who changed and what folder was changed for permissions.
Domain controller: win 2k3 std.