Step #1 Define Auditing Settings
You can accomplish this in two ways: the first is on the server itself, and the second is on a group of servers. In this blog I will describe both scenarios:
Scenario No.1: Configure Auditing on the server itself:
- Open Run and type gpedit.msc to open the Local Group Policy Management Editor console.
- Go to Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy, and define what you want to audit (the Success or Failure action), then close this window.
Scenario No.2: Configure Auditing on a Group of Servers via GPO:
- Add all target servers to a specific Organizational Unit (OU).
- Open Group Policy Management Console.
- Go to the target OU, right-click it, and select Create GPO in this Domain, and link it here…
- Open Computer Configuration –> Policies –> Windows Settings –> Local Policies –> Audit Policy, and define what you want to audit (the Success or Failure action), then close this window, and close the GPMC window as well.
Step #2 Apply Auditing Settings for a Folder/File
- Right-click the needed object and click Properties, open the Security tab, then click Advanced.
- Open the Auditing tab, add an entry, and set the following fields with the needed values:
  - Principal: select the needed user.
  - Type: select the needed action you want to log.
  - Applies To: select the auditing level (folder, files… etc.).
  - Permissions: choose the needed permissions for auditing.
- Close Auditing Entry
- Close Auditing Security Settings
- Close Properties
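
Step #2 can also be scripted, which helps when the same audit entry has to be applied to many folders. The PowerShell below is an added example, not part of the original post; the folder path, principal and chosen permissions are placeholder assumptions, and it must run from an elevated session.

```powershell
# Added example: $Path, $Principal and the selected rights are assumptions.
# Reading or writing a SACL needs the "Manage auditing and security log" right,
# so run this from an elevated PowerShell session.
$Path      = 'D:\Shares\Finance'   # hypothetical folder to audit
$Principal = 'Everyone'            # "Principal" field in the Auditing Entry dialog

# "Permissions" field: the access rights that should generate audit events.
$Rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# "Applies To" field: this folder, subfolders and files.
$Inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Propagate = [System.Security.AccessControl.PropagationFlags]::None

# "Type" field: Success, Failure, or both.
$Flags = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Principal, $Rights, $Inherit, $Propagate, $Flags)

# -Audit makes Get-Acl load the SACL (audit entries) along with the DACL.
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Read the SACL back to confirm the entry was written.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags, IsInherited -AutoSize

# Check that the policy from Step #1 is in effect on this machine.
# Without it, the SACL entry above produces no events.
auditpol /get /category:"Object Access"

# Show the most recent object-access events (Event ID 4663) from the Security log.
# Get-WinEvent reports an error if no matching events exist yet; that is ignored here.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message
```

If the auditpol output shows No Auditing for File System, the folder entry is in place but nothing will be logged until the policy from Step #1 has been applied to the server.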