To enable the Audit Object Access policy

1.

Choose one of the following

IfDo this

You want to modify security settings for your local computer

Open Local Security Settings

You are on a workstation or server, which is joined to a domain, and you would like to modify security settings for a Group Policy object

Click Start, point to Run, type mmc and click OK.

In the console, click the File menu and click Add/Remove snap-in.

In Add/Remove Snap-in, click Add. In Add Standalone Snap-in, double-click Group Policy.

In Select Group Policy Object, click Browse, browse to the policy object you would like to modify, and click Finish.

Click Close and then click OK.

2.

In the console tree, double-click Audit Policy.

Where?

Object Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy

3.

Double-click Audit Object Access, and in Audit object access Properties, select the Define these policy settings check box.

4.

Do one or both of the following:

To audit successful attempts, select the Success check box.

To audit unsuccessful attempts, select the Failure check box.

Note

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

To open Local Security Policy, click Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy

Setting changes are applied every 90 minutes on a workstation or server and every five minutes on a Domain Controller. Every 16 hours there is a forced refresh on the settings regardless of any changes

Top of pageTop of page

Related Topics

Set, view, change, or remove auditing for a file or folder

View the security log

For more information, see Audit object access 


Top of pageTop of page