Question about setting up audit for specific folder

I need to setup auditing on a specific folder hosted on a Windows Server 2012.

I first setup auditing policy using GPO (within security policy), then I configured the audit settings on the required folder.

What I don't understand, is once I configure the policy, the server security log rapidly fills in with many events recording access to objects such as C:\Windows\System32\UIAutomationCoreRes.dll, and so on. Shouldn't that happen only after I configure audit setting on the required folder ?

Thanks!
LVL 2
ferraristaAsked:
Who is Participating?
 
Naveen SharmaConnect With a Mentor Commented:
First you enable auditing, which by itself doesn't audit anything, then you configure the audit settings on the object you want to be audited.

Enable file and folder access auditing on Windows Server 2012:
https://www.lepide.com/how-to/enable-file-folder-access-auditing-windows-server-2012.html
0
 
Naveen SharmaCommented:
Answered.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.