The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Monitor your Documents using the Group Policy in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

Group Policy allows you to audit or monitor the changes on your Windows computer. Using the Group Policy, you can monitor who has logged on and when, who has opened a document, created a new user account, or changed a security policy.

Monitor your Documents using the Group Policy

To do so, type on secpol.msc in start search and hit Enter to open Local Security Policy.

Under Security settings in the left pane, expand Local Policies and then select Audit Policy.

Monitor your Documents using the Group Policy in Windows

As you can see, you can audit:

  • Account logon events: Account logon events are generated whenever a computer validates the credentials of an account for which it is authoritative.
  • Account management: Lets you see if someone has changed an account name, enabled or disabled an account, created or deleted an account, changed a password, or changed a user group
  • Directory service access: Monitor this to see when someone accesses an Active Directory object that has its own system access control list (SACL).
  • Logon events: Log off events are generated whenever a logged-on user account’s logon session is terminated.
  • Object access: Lets you see when someone has used a file, folder, printer, registry keys, or another object.
  • Policy change: Audits changes to local security policies.
  • Privilege use: Monitor this to see when someone performs a task on the computer that they have permission to perform
  • Process tracking: Track events such as program activation or a process exiting.
  • System events: Lets you monitor and see when someone has shut down or restarted the computer, or when a process or program tries to do something that it doesn’t have permission to do.

Double-click the one you wish to monitor and select the Success option. Click Apply. You can get more information on each if you click on the Explain tab.

Monitor your Documents using the Group Policy

To enable monitoring of your documents, right-click the file and click open Properties.

Select Security tab > Advanced > Auditing tab.

Click Continue to open the Advanced Security Settings box and click Add.

Now, in the Enter the object name to select box, type the name of the user or group whose actions you want to keep track of, and then click OK in each of the four open dialog boxes.

Select the checkbox for any action you want to audit, and then click OK. To learn more about what you can audit and the auditable actions for files, visit Microsoft.

To view the Audit Logs, type Event Viewer in Start Search and hit Enter.

In the left pane, double-click Windows Logs and then click Security. Next, double-click an event to view the log details.

I hope you find this post useful.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.