Auditing File and Folder Access
Access permissions will only help protect data; they won't tell you who deleted important data or who was trying to access files and folders inappropriately. To track who accessed files and folders and what they did, you must configure auditing for file and folder access. Every comprehensive security strategy should include auditing.
To track file and folder access, you must
Specify which files and folders to audit
Monitor the security logs
Enabling Auditing for Files and Folders
You configure auditing policies by using Group Policy or local security policy. Group Policy is used when you want to set auditing policies for an entire site, domain, or organizational unit and is used as discussed in Part 7 ...