A. A. Auditing is only available on NTFS volumes. Follow the instructions below:

  1. Start Explorer
  2. Right click on the file/directory you want to audit, and from the context menu select properties
  3. Select the Security tab and click Auditing
  4. If you have selected a directory, check the "replace auditing on subdirectories"
  5. Click the Add button and add the user(s) who you wish to audit by selecting and clicking Add. When finished adding users, click OK
  6. Select the events you wish to audit and then click OK

You must ensure that File access auditing is enabled (Start - Programs - Administrative Tools - User Manager - Policies - Audit).

These events can then be viewed using the Event Viewer (Start - Programs - Administrative Tools - Event Viewer - Log - Security)