
Folder/file access audit

I would like to audit a specific folder and its contents for user access.  I have turned on "audit object access" and then turned auditing on at the folder but my security event log seems to get filled with a ton of other events.  How can I narrow down the events that get logged and only log the access of the contents of the single folder?
Mike Kline commented:
Are you using Windows 2003 or 2008 and higher?  If you are on 2008 you can use the Advanced Audit Policies.

See screenshot below, notice how you can get more granular

You can't get more granular on 2003/2000


Sandeshdubey (Senior Server Engineer) commented:
I would also recommend enabling minimal audit settings on files and folders (like delete operation), as this will create a storm of events. Auditing can generate a large amount of data. Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

Regarding Win2008 auditing, see this similar thread; you will see the actual subcategories of the granular auditing: http://social.technet.microsoft.com/Forums/windowsserver/en-US/4614f842-db36-4c75-9bc4-3854491eaf62/server-2008r2-file-system-auditing?forum=winservergen
Hope this helps
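
Added example, not part of the thread or any poster's own commands: one way to apply the two suggestions above on Windows Server 2008 or later, by enabling only the "File System" audit subcategory, placing a narrow audit entry on the folder, and reading back just that folder's events. The folder path `D:\Shares\Finance`, the `Everyone` principal and the chosen rights are assumptions for illustration.

```powershell
# Run from an elevated PowerShell session.
# Hypothetical folder to audit (assumption); change to the real path.
$Folder = 'D:\Shares\Finance'

# 1. Switch off the broad "Object Access" category, then enable only the
#    "File System" subcategory, so registry, SAM, share and other
#    object-access events stop filling the Security log.
auditpol /set /category:"Object Access" /success:disable /failure:disable
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /category:"Object Access"      # confirm the resulting policy

# 2. Add a narrow audit entry (SACL) to the folder: delete and write
#    operations only, inherited by subfolders and files. Auditing reads or
#    "Full control" would generate far more events.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles, Write'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule `
               -ArgumentList 'Everyone', $rights, $inherit, $prop, $flags

$acl = Get-Acl -Path $Folder -Audit          # -Audit loads the existing SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Read back only object-access events (ID 4663) whose ObjectName is the
#    folder or something beneath it.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 2000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['ObjectName'] -eq $Folder -or $data['ObjectName'] -like "$Folder\*") {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object  = $data['ObjectName']
                Access  = $data['AccessMask']
                Process = $data['ProcessName']
            }
        }
    }
```

If the server receives audit settings through Group Policy, the same subcategory choice has to be made in the GPO, otherwise the next policy refresh overwrites the `auditpol` change.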