


Under Audit Policy, select 'Audit object access' and turn auditing on for both success and failure. Navigate to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> Audit Policy. Launch the Group Policy Management console (Run -> gpedit.msc)Ĭreate a new GPO and link it to the domain containing the file server or edit the existing GPO that is linked to the relevant domain. Step 1: Enable 'Audit object access' policy.With native auditing, here is how you can monitor file and folder access on a Windows file server:

Additionally, in case of attempts to access critical files or folders, real-time alerts will be sent straight to your phone or email. It can also help in identifying the client machine from which failed attempts were made, thus hinting at a compromised system. You can track down all the users who accessed a file in order to rule out possible suspects. With a record of all attempts made to access a file (including the failed ones), investigations in case of a data breach becomes much easier. Name of the user whose request had failed.The reports contain the following details: You can also pull up the failed attempts to read, write or delete a file. Name of the server in which the file is located.Which client machine the file was accessed from.The details you can obtain from this report are:.Login to ADAudit Plus → Go to File Audit tab → Under File Audit Reports → navigate to File read access report.
