deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/device-security/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
Nicholas Brower 1ae3f0b230 Merged PR 4822: "msdate update (generated from most recent commit date)" 
"msdate update (generated from most recent commit date)"
2017-12-05 22:36:05 +00:00

2.7 KiB
Raw Blame History

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author, ms.date
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype author ms.date
Apply a basic audit policy on a file or folder (Windows 10) You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2 w10 deploy library security brianlic-msft 04/19/2017

Apply a basic audit policy on a file or folder

Applies to

  • Windows 10

You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. To complete this procedure, you must be logged on as a member of the built-in Administrators group or you must have been granted the Manage auditing and security log right.

To apply or modify auditing policy settings for a local file or folder

  1. Right-click the file or folder that you want to audit, click Properties, and then click the Security tab.
  2. Click Advanced.
  3. In the Advanced Security Settings dialog box, click the Auditing tab, and then click Continue.
  4. Do one of the following:
    • To set up auditing for a new user or group, click Add. Click Select a principal, type the name of the user or group that you want, and then click OK.
    • To remove auditing for an existing group or user, click the group or user name, click Remove, click OK, and then skip the rest of this procedure.
    • To view or change auditing for an existing group or user, click its name, and then click Edit.
  5. In the Type box, indicate what actions you want to audit by selecting the appropriate check boxes:
    • To audit successful events, click Success.
    • To audit failure events, click Fail.
    • To audit all events, click All.

Important:  Before setting up auditing for files and folders, you must enable object access auditing by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.  

Additional considerations

  • After object access auditing is enabled, view the security log in Event Viewer to review the results of your changes.
  • You can set up file and folder auditing only on NTFS drives.
  • Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.