To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:
- Using Windows shares
- Using PowerShell cmdlets
- Using Global Object Access Auditing
Using Windows shares
- Right-click on the share folder that you want to audit, and select Properties.
- Click on the Security tab > Advanced, and then click on the Auditing tab. For the Everyone group, add the following entries:
| | Principal | Type | Access | Applies To |
|---|
| File/folder changes | Everyone | Success, Failure | - Create files / Write data
- Create folders / Append data
- Write attributes
- Write extended attributes
- Delete subfolders and files
- Delete
| This folder, subfolders, and files |
| Folder permission and owner changes | Everyone | Success, Failure | - Take ownership
- Change permissions
| This folder and subfolders |
