How to Enable File Auditing in Windows Server 2012 R2

Because sometimes we need another log to manage

Without a doubt there will be a time in your life – perhaps that time is now – when you need to kick up the logging and reporting on your network to process a few audits of file access, deletion, moves, etc.

It could be from users accidentally moving files on the network, a concern of data breech or simply because you want to review the activities on your network – Auditing is not only something that is good to know how to do but can also save your tail if needed.

To enable file auditing on a file or folder in Windows:

1. Locate the file or folder you want to audit in Windows Explorer.
2. Right-click the file or folder and then click Properties.
3. Click the Security tab at top.
4. From the Security tab Click Advanced at bottom right of window.
5. Click the Auditing tab, third tab from the left.
6. Click Add at bottom left of window.
7. Select Principal ( blue text at top left of window ). Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For this example, we selected Everyone.
8. Click OK.
9. Select Success and Failure options next to Full control to audit everything for the selected file or folder.
10. Optionally, clear Success and Failure for unwanted events, such as:
    • Read attributes
    • Read extended attributes
    • Write extended attributes
    • Read permissions
11. Click OK in each window until you are back at the Windows Explorer window.
12. Repeat these steps for all files or folders you want to audit

The steps are repeated again below but with screen shots.

1. Locate the file or folder you want to audit in Windows Explorer

2. Right-click the file or folder and then click Properties.

3. Click the Security tab at top.

4. From the Security tab Click Advanced at bottom right of window.

5. Click the Auditing tab, third tab from the left.

6. Click Add at bottom left of window.

7. Select Principal ( blue text at top left of window ). Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For this example, we selected Everyone.

8. Click OK.

9. Select Success and Failure options next to Full control to audit everything for the selected file or folder.

10. Optionally, clear Success and Failure for unwanted events, such as:

• Read attributes
• Read extended attributes
• Write extended attributes
• Read permissions

11. Click OK in each window until you are back at the Windows Explorer window.

12. Repeat these steps for all files or folders you want to audit

• About
• Latest Posts

David

I have been in the Information Technology industry for a little over a decade gaining a Bachelors degree in Information System Security and securing employment with various industries including Government, Financial, Healthcare, Corporate and the End User sectors.
I started Your Digital Mind in 2016as a way to share my love for Education, Technology and Science in an entertaining yet rewarding format. I hope you are learning and enjoying!

Latest posts by David (see all)

• iOS 16.4.1— Urgent Update Recommended - April 10, 2023
• SAML – What The Heck Is Security Assertion Markup Language? - April 6, 2023
• Employees Sharing Sensitive Business Data with ChatGPT Raises Security Concerns - March 30, 2023