This is a super short guide to enabling file auditing on Windows Server 2008 And Windows Server 2008 R2. To enable file auditing:
- On the local security policy of the server (or GPO), enable file auditing (Control Panel -> Administrative Tools -> Local Security Policy. Then Local Policies -> Audit Policy -> Audit Directory Service Access Success | Failure)
- Enabling file auditing on the files and folder you want to audit (Right click the file or folder -> Properties -> Security tab -> Advanced -> Auditing -> Add users you want to audit, which is probably the Everyone group with all permissions)
You will then be able to see audit logs in the Windows Event Viewer, under the Security log.