A. A. Auditing is only available on NTFS volumes. Follow the instructions below:
- Start Explorer
- Right click on the file/directory you want to audit, and from the context menu select properties
- Select the Security tab and click Auditing
- If you have selected a directory, check the "replace auditing on subdirectories"
- Click the Add button and add the user(s) who you wish to audit by selecting and clicking Add. When finished adding users, click OK
- Select the events you wish to audit and then click OK
You must ensure that File access auditing is enabled (Start - Programs - Administrative Tools - User Manager - Policies - Audit).
These events can then be viewed using the Event Viewer (Start - Programs - Administrative Tools - Event Viewer - Log - Security)