Steve,

I managed to find the answer from Microsoft Knowldge base. Basically right
click on the serve folder, select the Security TAB and on the bottom right
corner select Advanced then select the Auditing TAB and find or select the
user (I selected Authenticated Users). After performing the afore mentioned
users accessing the folders and or files were audited as having accessed the
object.

"Steven L Umbach" wrote:

> You should see the folder being accessed. Try looking for Event ID 560.
> Below is an example from my computer. Note the object name field is the name
> of the file being accessed. --- Steve
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Object Access
> Event ID: 560
> Date: 1/3/2006
> Time: 11:33:46 PM
> User: STEVE-XP\Steve
> Computer: STEVE-XP
> Description:
> Object Open:
> Object Server: Security
> Object Type: File
> Object Name: D:\Drivers\SonyUSB\sonyhcusb2k.inf <<<<<<<<<<<<<<<<<<<
> Handle ID: 120
> Operation ID: {0,3472111}
> Process ID: 3580
> Image File Name: D:\WINDOWS\system32\notepad.exe
> Primary User Name: Steve
> Primary Domain: STEVE-XP
> Primary Logon ID: (0x0,0x1BBD4)
> Client User Name: -
> Client Domain: -
> Client Logon ID: -
> Accesses: READ_CONTROL
> SYNCHRONIZE
> ReadData (or ListDirectory)
> ReadEA
> ReadAttributes
>
> Privileges: -
> Restricted Sid Count: 0
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> "JOHN MCCARTHY" <JOHNMCCARTHY@discussions.microsoft.com> wrote in message
> news:AF92382B-DAB8-4DD8-ADDD-F522395F4668@microsoft.com...
> > Help please. When I look at my Server Security Event Logs, for Object
> > Access, the logs do not reflect the directory or UNC for files or folders
> > for
> > which users access, modify, create, delete etc.
> >
> > On the Domain Security Logs and Domain Controller Security Logs for the
> > Server 2003 Server I have object access checked to audit the failure and
> > success of such object accessed, checked.
> >
> > Take care,
> > John
>
>
>