Have a folder containing few files shared on server 2008/NTFS partition, which is also a domain controller. In Group Policy management i have created an Organization unit under the domain and under the OU i have defined a GPO on which i have config auditing for object i.e the folder i wish to monitor.
  1. Go to ‘Start’ -> ‘Run’ -> ‘mmc’.
  2. Click on ‘File’ -> ‘Add/Remove Snap-in…’
  3. Click on the ‘Add’ button, select ‘Group Policy Object Editor’ from the list and click on ‘Add’. 
  4. Choose the group policy you want to configure auditing for, the click on ‘Finish’. 
  5. Click on ‘Close’.
  6. In the Group Policy Object Editor, expand ‘Computer Configuration’.
  7. Expand ‘Windows Settings’ -> ‘Security Settings’ -> ‘Local Policies’.
  8. Click on ‘Audit Policy’ and open the ‘Audit object access’ properties.
  9. Enable the ‘Success’ and ‘Failure’ check boxes depending on the kind of auditing you want to have.

then i have added users/groups i wish to audit in the audting tab under folder proterties/security

However this isnt working, i cannot see a single eveent logged if i go to event viewer - windows logs - security. I try to find it by folder name/users but nothing. to create event entries i deliberately logged in using the defined usernames and viewed the files.

Can someone help please?