When I’m teaching my Group Policy intensive training and workshop classes, one of the things that comes up time and time again is “How can I ensure that access to files and resources is audited?”
You might need to audit if you have a sensitive share, or file you want to ensure that “only the right people” are touching. If your company has a bad guy on the inside or the outside, and you want to know exactly what he’s looked at, you simply must have auditing set up before the problem actually occurs.
It’s not hard to do, but you do need to get it right, or miss your opportunity to catch the person red handed.
So, check out the article "Group Policy Auditing: Myths & Facts" and the video "Turning on Windows File Auditing in Group Policy." You’ll see exactly how to do it, and get it right the first time. Who knows – maybe you’ll be the hero who discovers something odd. You might be the author of the next Coocoo’s Egg (https://en.wikipedia.org/wiki/The_Cuckoo's_Egg_(book)) if you’re lucky (or perhaps unlucky!)