Is it possible (I presume it must be) to audit/capture in Active Directory each time a user is added to a security group, e.g. time, which admin added them as a member, and similarly, on a Windows file server, each time the ACL changed for a directory on a certain drive, e.g. a new access control entry was added to the access control list, or permissions for an existing access control entry on the access control list were amended?
I need to check a) is this level of auditing possible without buying a 3rd-party tool, does it pre-exist within Windows/AD, and b) how can I check if it is enabled already, and where exactly are the logs written to for such occurrences if enabled? Are there specific IDs for what I have listed above?
We have very strict rules around authorisation when someone requires access to some sensitive directories on a file server, and I am looking into ways access could be achieved, e.g. added to a group already with access, ACL directly amended.
Have I covered all bases here, or could there be other 'actions' that could grant users access to a directory on a file server?