Auditing file changes does not works


Faustino Dina

Hi all,

I have a folder shared with full permisions enabled for a security group.
The folder is located on the domain controller. I want to log who modifies,
deletes or adds a file in this folder and subfolders. Then I did the
following way:

First I enabled auditing for this folder:
-Right click of the mouse over the folder, Properties menu/Security
tab/Advanced button/Auditing tab
-Selected the security group I want to audit
-Selected "This folders, subfolders..." from the combo
-Checked the options "Create Files/Write Data", "Create Folders/Append
Data", "Delete Subfolders and Files", "Delete" for both Success and Failure
-The checkbox for "Allow inheritable auditing entries from parent to
propagate..." was enabled

The folder is shared read-only for Everyone, and full for the security group
I want to audit. Security settings on folder are set as default: Everyone,
full access (inherited from C:\ ).

I made some changes to files in the audited folder. Then I opened Event
Viewer / Security and nothing appears.

After that I remembered I should modify the policies on the PC, to allow
auditing. Then I did the following:
-Opened Domain Controller Security Policy
-Opened Windows Settings/Security Settings/Local Policies/Audit Policy
-Enabled "Audit Object Access" and "Audit Privilege Use" for both success
and failure

Then tested again to make some changes on files on the audited folder and
again nothing was logged.

What I'm missing?

Thanks in advance

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question