Hi there,
I am trying to set up file access auditing using the basic group policies. I DO NOT want to use the advanced group policies, since this disables other auditing categories that flow down from upper-level OUs.
I added the Audit object access - success and failure to a seopatae GPO and applied it to the OU
I configured auditing for Everyone - Full Controll - Success and Failure in NTFS.
I verified that the GPO does apply to the server using GPresult /v and RSoP. This auditing category shows as applied to the server. I checked that GPO has replicated.
However, no entries are created in the security logs as I access\create\delete\modify files. I see entries for logons, for policy application, for other categories that are configured, but not the file/object access.
What am I doing wrong? It used to work since WinNT times, did anything change in Windows 2008 R2?
My DCs are Windows 2008 R2, domain level Win2003.