8
1
I believe there is no other way to check on a Windows System (for instance Win 7) who has copied or access a file or folder except for enabling File Auditing in the Local Security Policy.
Now that I have enabled the policy (Security Settings > Audit Policy > Audit Object Access (Success, Failure); my question is how do I know now if someone has copied/viewed/modified the file/folder?
From what I understand of the event ID's (And I also tried it) event logs will only be generated for the objects (files) on whom I Right click > Properties > Security > Advances > Audit and then add a specific user for whom I can audit.
What I want is for all the files in a filder; I am able to carry out audit for any user of my domain as its not possible for me to add users to it manually. Will that be possible ? – None – 2012-12-20T07:41:47.910