I have a folder containing a few files shared on a Server 2008/NTFS partition, which is also a domain controller. In Group Policy Management I have created an organizational unit under the domain, and under the OU I have defined a GPO on which I have configured auditing for the object, i.e. the folder I wish to monitor.
- Go to ‘Start’ -> ‘Run’ -> ‘mmc’.
- Click on ‘File’ -> ‘Add/Remove Snap-in…’
- Click on the ‘Add’ button, select ‘Group Policy Object Editor’ from the list and click on ‘Add’.
- Choose the group policy you want to configure auditing for, then click on ‘Finish’.
- Click on ‘Close’.
- In the Group Policy Object Editor, expand ‘Computer Configuration’.
- Expand ‘Windows Settings’ -> ‘Security Settings’ -> ‘Local Policies’.
- Click on ‘Audit Policy’ and open the ‘Audit object access’ properties.
- Enable the ‘Success’ and ‘Failure’ check boxes depending on the kind of auditing you want to have.
Then I have added the users/groups I wish to audit in the Auditing tab under folder Properties/Security.
However, this isn't working. I cannot see a single event logged if I go to Event Viewer - Windows Logs - Security. I try to find it by folder name/users but find nothing. To create event entries I deliberately logged in using the defined usernames and viewed the files.
Can someone help please?
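
A verification pass for the setup described in the post, as an added example that is not part of the original post: it checks the audit policy the server is actually enforcing, which GPOs reached the computer, the auditing entries (SACL) on the folder, and whether any file-access events were recorded. It assumes an elevated PowerShell 2.0 prompt on the file server and an English-language OS (subcategory names are localized); `$FolderPath` is a placeholder.

```powershell
# Added example: run elevated on the server that hosts the share.
$FolderPath = 'D:\Shares\Audited'   # placeholder, replace with the audited folder

# 1. Effective audit policy on this machine. 'Audit object access' in the GPO
#    should surface here as Success and/or Failure for the File System subcategory.
auditpol /get /subcategory:"File System"

# 2. GPOs that were applied to (or filtered out for) this computer account.
#    The GPO carrying the audit setting must appear under the applied list.
gpresult /r /scope computer

# 3. Auditing entries (SACL) on the folder. An empty result means no
#    users/groups are configured for auditing on this object.
(Get-Acl -Path $FolderPath -Audit).Audit |
    Select-Object IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags |
    Format-Table -AutoSize

# 4. Object-access events from the last hour. Event ID 4663 is
#    "An attempt was made to access an object" on Server 2008 and later.
$xpath = '*[System[(EventID=4663) and TimeCreated[timediff(@SystemTime) <= 3600000]]]'
$events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 500 `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like "*$FolderPath*" }

if ($events) {
    $events | Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
} else {
    Write-Output "No 4663 events mentioning $FolderPath in the last hour."
}
```

If step 1 reports "No Auditing", the GPO setting is not reaching this server, and step 2 shows which GPOs did. If step 1 is correct but step 3 is empty, the folder's auditing entries are the part to revisit.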