I set up file auditing per this guide: https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/
I can see all file edits and deletions made by accounts which are accessing the file server through a network share.
This works for most use cases.
But I noticed that if a locally logged in admin account makes changes to files, those changes are not logged.
The same account, accessing files remotely via a network share, does have the file changes logged by the server.
Is there a step missing on this guide to enable auditing for locally logged in accounts or is this by design?