watchDirectory Help > Plugins > Audit Windows Directories
Audit Windows Directories - Configure Windows for Auditing
How to enable Audit Reporting
- Enable Auditing for the computer being monitored.
- Enable Auditing for the directory being monitored.
Enable Auditing on the computer being monitored
You will need to enable the audit policy Audit Object Access,
using the "Local Security Policy" program or the "Group Policy" program if your
computer is a member of a domain.
The only policy that needs to be enabled is the "Audit Object Access" policy. The other policies can be left as they are. As we are only interested in the "Success" events, I did not enable "Failure".
Depending on your version of Windows the screen might look a little different.
Enable Auditing for the directory being monitored
Now you must enable auditing for the directory being monitored. Using Windows Explorer, select:
Properties -> Security tab -> Advanced button -> Auditing tab
Press the Add button to select the User or Group you want to Audit. Enter the text "Everyone" (without the quotes) and press
the Check Names button and press OK.
On the next screen you enable auditing for "Delete" and "Delete Subfolders and Files".
The screenshot shows these settings for the directory C:\WUTemp.
This will setup this directory to audit deleted files and subfolders. If you also want auditing for new files and folders you should enable the other options (such as Create files/Write data).
If you want notifications for failed attempts, check those options as well.