Another feature found under the advanced security settings of objects stored on an NTFS volume is file and folder auditing. Auditing records information in the Windows Security Event log about users' successful and unsuccessful attempts to use files and system privileges. Auditing has two primary uses:
To monitor attempts by users to access files and system services they're not authorized to use.
To gather debugging information when a service or program fails to work as expected; auditing can help you find out what files the program can't access or what privileges the program lacks.
You can configure auditing on files or folders, but before auditing will log any entries into the Security log, you must enable an auditing ...