Windows Audit Files & Folders – Track file access by someone


Written by Bardimin

On August 22, 2022

Auditing files and folders allows you to track every activity that occurs in them.

There are many reasons to track the activity of files and folders in Windows. One of the most common is to guarantee the integrity of the system. By enabling auditing of files and folders, you will know when users are accessing, reading, creating, modifying, or deleting files and folders.

If you're an “Admin,” you can choose to allow specific users to track changes to files and folders and manage their access.

Tracking the creation and deletion of files and folders is mandatory to ensure data security and meet compliance mandate requirements. It also helps administrators to monitor files and folders in their system.

In case of a security attack, if the deletes a file or , it will be easier to track it during the investigation.

One of the most effective methods to maintain the integrity of your system is security auditing. You should select the audit level for your environment as part of your overall security plan. The purpose of the audit is to find threats to your network, whether successful or not, as well as threats to resources that you have identified as important in your risk assessment.

How to enable Audit Files and Folders in Windows 11

Enabling auditing of files and folders takes several steps. The stages are:

  • Enable Object Access Auditing in the Group Policy.
  • Configure Auditing on a File or Folder.
  • Viewing and Analyzing Logs.

A. Enable Object Access Auditing in the Group Policy.

  1. Open the “Local Group Policy Editor”. You can open it by clicking the Start button and typing “gpedit”. Then click “Edit group policy” in the search box.
  2. Then in the Group Policy Editor window, navigate to “Computer Configuration > Windows > Security > Local Policies > Audit Policy”. Next, on the right side, configure “Audit object access” by double-clicking it.
  3. In the “Audit object access Properties” window, check both the “Success” and “Failure” options to audit each attempt.
  4. Then click the OK button and close the .

B. Configure Auditing on a File or Folder.

  1. Open , then select the File or Folder you want to audit. Once you've selected it, right-click on it and select the “Properties” option.
  2. Next, in the Properties window, select the “Security” tab. On that tab, click the “Advanced” button.
  3. The “Advanced Security Settings” window will open. Select the “Auditing” tab and click the “Continue” button.
  4. After that, click on the “Add” button.
  5. The “Auditing entry” window will open. Click “Select a principal”.
  6. Next, you will be asked to choose the user to be audited. Select “Everyone” to audit anyone accessing the file or folder. Then click OK.
  7. Now back in the “Auditing entry” window, in the “Type” section, click on the dropdown button and select “All”. In the “Basic permissions” section, check the “Full Control” option.
  8. Then click the OK button, and click OK on each remaining open window to apply the settings.

C. Viewing and Analyzing Logs.

  1. Open the “Event Viewer”. You can open it by clicking the Windows Start button and typing “event viewer” in the search box.
  2. In the Event Viewer window, navigate to “Windows Logs > Security”.
  3. You'll see the results of a Windows audit, including Audit Success and Audit Failure. Double-click an entry to see the details.
  4. Slide the arrow up or down to see more audit results.
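
Stages A to C can also be scripted from an elevated PowerShell prompt. The script below is an added example, not part of the original article: the folder path `C:\Data\Finance` and the function name `Get-FileAuditEvent` are hypothetical, and it enables only the "File System" subcategory of object access rather than the whole category. It reads event ID 4663 ("An attempt was made to access an object") from the Security log.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of stages A-C. $Path is a hypothetical placeholder.
$Path = 'C:\Data\Finance'

# Stage A: enable the "File System" subcategory of Object Access for success and failure.
# The subcategory name is the English display name; it differs on localized systems.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Stage B: add an audit entry (SACL) matching the GUI steps:
# principal Everyone, type All (Success + Failure), Full Control.
# Auditing Full Control for Everyone is high volume; narrower rights reduce log noise.
$isDir   = Test-Path -LiteralPath $Path -PathType Container
$inherit = if ($isDir) { 'ContainerInherit,ObjectInherit' } else { 'None' }
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule(
               'Everyone', 'FullControl', $inherit, 'None', 'Success,Failure')
$acl = Get-Acl -LiteralPath $Path -Audit      # -Audit loads the SACL, not just the DACL
$acl.AddAuditRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Stage C: read object-access events (ID 4663) and keep those under the audited path.
function Get-FileAuditEvent {
    param([Parameter(Mandatory)][string]$Root, [int]$MaxEvents = 500)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Turn the event's named <Data> fields into a lookup table.
            $data = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$n.Name] = $n.'#text'
            }
            $object = "$($data['ObjectName'])"
            if ($object.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    Object     = $object
                    Process    = $data['ProcessName']
                    AccessMask = $data['AccessMask']
                }
            }
        }
}

Get-FileAuditEvent -Root $Path | Sort-Object Time -Descending | Format-Table -AutoSize
```

The `AccessMask` column is the hexadecimal access right that was exercised, which is what distinguishes a read from a write or a delete on the same object.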
