Hi, I was being asked once by my superior about the security audit issue. She asked whether it can be traced through logs if someone create/delete/modify the IDs, create/delete/modify folders and etc. To me, I do not think we able to trace through security event viewer. What are the data security enhancement in Windows Server 2008 can be considered compare to Windows Server 2003 ? Therefore, does anyone have any idea or any tools to trace it ? Thanks.

Hi Partick, To enable folder permission auditing, you can follow the below steps: 1. Click start and run "secpol.msc" without quotes.2. Open the Local Policies\Audit Policy3. Enable the Audit object access for "Success" and "Failure".4. Go to files and folders, right click the folder and select properties.5. Go to Security Page and click Advanced.6. Click Auditing and Edit.7. Click add, type everyone in the Select User, Computer, or Group.8. Choose Apply onto: This folder, subfolders and files.9. Tick on the action box which you want to audit. 10. Click OK.After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System. For more information, you can refer to:http://support.microsoft.com/kb/300549Best Regards,Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.

Hi, Sorry for the late reply, well, as per your recommendation, I have to enter Everyone to every folders which is not possible. Besides that, we disallow everyone to be granted in any folders and etc as this is a part of our policy. Thanks.