How to check who last modified a file in Windows?
To know who viewed or modified a file, it is mandatory to have auditing enabled in the object that you wish to monitor, and also the server in which it is located.
Step 1- Enable auditing at server level
- Start → Administrative tools → Local security policy snap-in
- Expand Local policy → Audit policy
- Go to Audit object access
- Select Success/Failure (as needed).
- Confirm your selections and click ok.
Step 2 - Enable auditing at object level
- Navigate Windows Explorer to the file you want to monitor.
- Right click on the target folder/file and select Properties.
- Security → Advanced.
- Select the auditing tab.
- Click the ADD button.
- Choose the users or groups you want to give audit permissions to.
- In the Auditing Entry dialog box, select the types of access you want to audit. You have to select Success events separately from Failure events. Click OK when you are done.
- Verify your selections and click APPLY.
Native auditing becoming a little too much?
Simplify file server auditing and reporting with ADAudit Plus.Learn More »
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools