Reading Time: 3 minutes

Because sometimes we need another log to manage

Without a doubt there will be a time in your life – perhaps that time is now – when you need to kick up the logging and reporting on your network to process a few audits of file access, deletion, moves, etc.

It could be from users accidentally moving files on the network, a concern of data breech or simply because you want to review the activities on your network – Auditing is not only something that is good to know how to do but can also save your tail if needed.

To enable file auditing on a file or folder in Windows:

  1. Locate the file or folder you want to audit in Windows Explorer.
  2. Right-click the file or folder and then click Properties.
  3. Click the Security tab at top.
  4. From the Security tab Click Advanced at bottom right of window.
  5. Click the Auditing tab, third tab from the left.
  6. Click Add at bottom left of window.
  7. Select Principal ( blue text at top left of window ). Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For this example, we selected Everyone.
  8. Click OK.
  9. Select Success and Failure options next to Full control to audit everything for the selected file or folder.
  10. Optionally, clear Success and Failure for unwanted events, such as:
    • Read attributes
    • Read extended attributes
    • Write extended attributes
    • Read permissions
  11. Click OK in each window until you are back at the Windows Explorer window.
  12. Repeat these steps for all files or folders you want to audit

The steps are repeated again below but with screen shots.

1. Locate the file or folder you want to audit in Windows Explorer

2. Right-click the file or folder and then click Properties.

3. Click the Security tab at top.

4. From the Security tab Click Advanced at bottom right of window.

5. Click the Auditing tab, third tab from the left.

6. Click Add at bottom left of window.

7. Select Principal ( blue text at top left of window ). Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For this example, we selected Everyone.

8. Click OK.

9. Select Success and Failure options next to Full control to audit everything for the selected file or folder.

10. Optionally, clear Success and Failure for unwanted events, such as:

  • Read attributes
  • Read extended attributes
  • Write extended attributes
  • Read permissions


11. Click OK in each window until you are back at the Windows Explorer window.

12. Repeat these steps for all files or folders you want to audit

Leave a Reply

Your email address will not be published. Required fields are marked *