Enable auditing on the file and then examine the Security Event Log for access.
In order to do this you will need the following:
1. Enable auditing for files and folders via the Group Policy editor and edit the local policy or another GPO (Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy)
2. Start Windows Explorer
3. Right click on the files/folders select Properties.
4. Select the Security tab
5. Click the Advanced button
6. Select the Audit tab
7. Click Add
8. Select Everyone
9. Click OK
10. Select the actions to audit such as List folder/read data
11. Click OK
12. Click OK to all dialogs.
No comments:
Post a Comment