watchDirectory Help

Help Home
Creating New Tasks
Running Tasks
Task History

Plugins

Standard versus Pro
Version History

Search

See Also...




Free 30 day evaluation!
Standard version: $79 USD
Professional version: $149 USD
Buy Now!

 

German Helpfile

German Helpfile

French Helpfile

French Helpfile


Privacy Policy

Audit Windows Directories - Configure Windows for Auditing


How to enable Audit Reporting

 

Enable Auditing on the computer being monitored

Enable Auditing on the Computer

You will need to enable the audit policy Audit Object Access, using the "Local Security Policy" program or the "Group Policy" program if your computer is a member of a domain.

The only policy that needs to be enabled is the "Audit Object Access" policy. The other policies can be left as they are. As we are only interested in the "Success" events, I did not enable "Failure".

Depending on your version of Windows the screen might look a little different.


 

Enable Auditing for the directory being monitored

Enable Auditing for the directory

Now you must enable auditing for the directory being monitored. Using Windows Explorer, select:

Properties -> Security tab -> Advanced button -> Auditing tab

Press the Add button to select the User or Group you want to Audit. Enter the text "Everyone" (without the quotes) and press the Check Names button and press OK.
On the next screen you enable auditing for "Delete" and "Delete Subfolders and Files".
The screenshot shows these settings for the directory C:\WUTemp.

This will setup this directory to audit deleted files and subfolders. If you also want auditing for new files and folders you should enable the other options (such as Create files/Write data).
If you want notifications for failed attempts, check those options as well.