Active Directory How-To pages

Active Directory Auditing Tool
Get Your Free Trial Free, fully functional 30-day trial
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Account Management » Active Directory How-To pages

How to check who last modified a file in Windows?

To know who viewed or modified a file, it is mandatory to have auditing enabled in the object that you wish to monitor, and also the server in which it is located.

Step 1- Enable auditing at server level

  1. Start → Administrative tools → Local security policy snap-in
  2. Expand Local policy → Audit policy
  3. Go to Audit object access
  4. Select Success/Failure (as needed).
  5. Confirm your selections and click ok.

Step 2 - Enable auditing at object level

  1. Navigate Windows Explorer to the file you want to monitor.
  2. Right click on the target folder/file and select Properties.
  3. Security → Advanced.
  4. Select the auditing tab.
  5. Click the ADD button.
  6. Choose the users or groups you want to give audit permissions to.
  7. In the Auditing Entry dialog box, select the types of access you want to audit. You have to select Success events separately from Failure events. Click OK when you are done.
  8. Verify your selections and click APPLY.

Native auditing becoming a little too much?

Simplify file server auditing and reporting with ADAudit Plus.

Learn More »