I've been tasked with configuring Group Policy/writing a .NET Windows Service which will add entries into a Windows Event Log whenever a user opens or copies a file/files from any optical media (not interested in removable USB drives).
My first attempt was to use C# and get the list of processes and see what files they had open and if the path started with an optical drive letter. This didn't work as while some programs keep the file open (e.g. Acrobat Reader) others do not (Internet Explorer, Notepad). My second attempt was to turn on auditing of object access along with setting the file access security audit on the disc drive ... which you can't do, because there's no security on read-only file systems. My last ditch attempt was to use the auditing of removable storage group policy, but that doesn't add any log entries for optical media (I tested a USB pen drive and that did create entries), additionally it's only available in Windows 8+ and I need to support Windows 7.
So, I am all out of ideas and turning to the experts here to see if you have any ideas on how I could approach this problem.