Enable Auditing

Note:

You must logon as an administrator or as a member of the Administrators group to set up auditing of files and folders. Group Policy is available only to administrators.
If you have previously saved a console with Group Policy, you can open the saved console and go to step 5.
After you enable auditing of files and folders, you must specify which files and folders to audit. For additional instructions, please see our How to specify files and folders to audit page.

To set up auditing of files and folders

1. Click Start-->Run, type mmc /a (note the space between mmc and /a), and then click OK.

2. On the File menu, click Add/Remove Snap-in, and then click Add.

3. Under Snap-in, click Group Policy, and then click Add.

4. In Select Group Policy Object, click Local Computer --> Finish --> Close --> OK.

5. In Local Computer Policy, click Computer Configuration --> Windows Settings --> Security Settingss --> Local Policies --> Audit Policy.

6. In the details pane (the righthand side), double-click Audit Object Access.

7. In the Audit object access Properties dialog box, click the options you want, and then click OK. We recommend checking both the Success and Failure options.

8. To edit the other policies such as Audit account logon events and Audit account management that are listed in the detailed pane, repeat steps 6 and 7.

For instructions on how to specify files and folders to audit, please go here.