I am running a Windows 2008 R2 server. My client PC is running Windows 7 Professional SP 1
I am trying to set up object-access auditing for a specific folder on the server.
I set up auditing as follows: Default Domain Policy, Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Audit Policy, Audit Object Access, Define these policy settings, checked success.
No other group policies have anything defined for object-access-auditing.
When I run rsop on my computer Audit Object Access is set to successful.
I then went to the folder on the server from my computer.
Right Clicked, Properties, Security , Advanced, Auditing, Add, Everyone, Full Control (All Successful)
I checked subfolders and files inside the audited folder and they all have this same auditing setup.
My understanding is that when I do anything in this folder it will show up in the Security log in the event viewer on the server.
However, when I do this nothing shows up there !! Did I set this up correctly? Am I looking in the right log? What codes should I be looking for? Can I filter the log for my user account?