For security purposes many organizations enable auditing feature in their scenarios. With the help of auditing you can regularly monitor the usage of any file or folder available on the computer. For example if auditing is enabled on Accounts folder you can view the names of the users who have tried to access the object. Auditing can be enabled for both Successful and Failed access attempts depending on the requirements of the organization. Successful auditing logs every successful access attempt that was made by the user on the specified file or folder whereas Failed auditing logs the records of all the failed attempts which were made to access the object. Every logged (recorded) transaction contains the time at which the attempt was made and the name of the user who was logged on when the event actually took place. You can enable auditing on any file or folder by following the steps given below:
- Logon to the computer with the account having administrative or equivalent privileges.
- Locate the folder or file for which you want to enable auditing and right click on it.
- From the appeared menu go to Properties and from the opened box go to Security tab.
- Click on Advanced button and from the Advanced Security Settings box go to Auditing tab.
- If required click on Continue button to enable the editable box.
- Click on Add button to add the users and/or groups for which you want to enable auditing on this folder or file. Once found click on Ok button to get another box called Auditing Entry.
- In the new box check the Full Control boxes for Successful Failed or both auditing events as per your requirements and click on Ok button to add the user or group in the list.
- Once done click on Ok button to confirm your settings.
You can view the logged (recorded) auditing information from the Event Viewer snap-in which can be found in Computer Management. (Start > Run > COMPMGMT.MSC).
You need to enable Object Access auditing policy from group policies in order to enable Windows 7 start recording the events.