Background: We are, for reasons beyond my control, giving domain admin access to a user who may cause issues down the road. Not giving access to this user is now off the table and my hands are tied. So, as a result, I need to setup auditing to make sure that when they break something, we are covered and can show where the issue arose from.
Problem: I have successfully enabled AD DS auditing and now I am attempting to set up auditing on the DFS share and the user redirected documents. However, I checked the security log and it looks like every action taken on the DFS share is already being audited. I have looked all the way up the folder path and auditing is not enabled for anyone except this one user. Every time a user accesses their files, it is auditing it. The Security log is set to ~500MB and the log only has about 3 hours in it because it is full of users accessing their docs. Is there a way to stop auditing for everyone accessing their docs or another way to go about this? Thank you!
Environment: All servers running 2008/2008R2, DFS branched out to 5 remote locations, All local machines running Windows 7 and joined to the domain.