Configuring object level auditing - Using GPO

To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:

Using Windows shares
Using PowerShell cmdlets
Using Global Object Access Auditing

Using Global Object Access Auditing

Log in to any computer that has the GPMC with Domain Admin credentials.
Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, and select Edit.

Note:

To enable FIM on	Right-click
Domain controller	Default Domain Controllers Policy GPO
Windows server	ADAuditPlusMSPolicy GPO
Workstation	ADAuditPlusWSPolicy GPO

In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Global Object Access Auditing > File system > Define this policy setting > Configure. For the Everyone group, add the following entries:

	Principal	Type	Access
File/folder changes	Everyone	Success, Failure	Create files / Write data Create folders / Append data Write attributes Write extended attributes Delete subfolders and files Delete
Folder permission and owner changes	Everyone	Success, Failure	Take ownership Change permissions

我们的客户