In this tutorial, we will see a feature built into Windows, folder and file access auditing.
This function allows logger access to resources (files and resources). It may be worthwhile to enable auditing on sensitive enterprise files to see if unauthorized people are trying to access it.
To view all available permissions, including deletes, click View advanced permissions.
To work it is necessary to activate the object access audit on the server.
1. Open an execute window (crtl+R) and enter gpedit.msc to access the local policy console of the computer.
5. Force a policy update, by opening a command prompt as administrator and passing the gpupdate command.
View the logs
1. In order to generate logs, make access to folders and files according to the audit parameters.
With auditing features, you can now record people who are roaming about shares and who are too curious.
Personally I advise you to activate this feature on sensitive folders and record only refusals, because the number of logs can quickly become important and also impact performance.
In order to better secure access to shares, I also recommend that you enable enumeration based on access.