Finding Out Who Last Accessed a File: Admin Tips

This tip shows how to monitor who last accessed a file, which may be useful for you as an administrator. To do that, you need to enable auditing on the file.

To enable auditing, you first enable it at the server level in the Windows security policy and then enable it on the particular object (in this case, a file) you are interested in.

Do the following to enable auditing at the server level:
  1. Press Windows Key + R and type "secpol.msc".
  2. In the left pane, expand Local Policies and click on Audit Policy.
  3. In the right pane, double-click Audit object access.
  4. Check the boxes beside Success or Failure (as needed).
  5. Click OK.
Next, you must enable auditing on the target file or folder from Windows Explorer:
  1. Open Windows Explorer.
  2. Browse to the files or folders you want to audit.
  3. Right-click and select Properties.
  4. Select Security > Advanced > Auditing and click the Add button.
  5. Enter the user or group you want to audit access for and click OK.
  6. In the Auditing Entry dialog box, select the type of access you want, click OK when you finish.
  7. Apply.
You can now find out who last accessed or modified the file or folder you have configured. Take care when enabling auditing on a frequently accessed set of files or folders: the number of audit messages in the Security event log can grow quickly with just a few accesses of the file. So choose wisely what you audit.
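
The same two steps, plus reading the result back from the Security event log, can be scripted. The PowerShell below is an added example, not part of the original post; the file path and the audited principal are placeholder values, and it assumes an elevated session on an English-language Windows installation.

```powershell
# Added example. Run from an elevated PowerShell session.
# $Path and $Principal are placeholders chosen for illustration.
$Path      = 'C:\Data\payroll.xlsx'
$Principal = 'Everyone'

# Step 1: server-level policy. "Audit object access" in secpol.msc turns on
# the whole Object Access category; enabling only the File System subcategory
# keeps the Security log smaller. The subcategory name is localized.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: object-level auditing. Add an audit entry (SACL) to the file for
# reads, writes and deletes, both successful and failed.
$rights = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete'
$flags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule($Principal, $rights, $flags)

$acl = Get-Acl -Path $Path -Audit      # -Audit is required to load the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Step 3: list the ten most recent accesses to that file.
# Event ID 4663 = "An attempt was made to access an object".
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 2000 |
    ForEach-Object {
        # Flatten the event's named <Data> fields into a hashtable.
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        if ($data['ObjectName'] -eq $Path) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process    = $data['ProcessName']
                AccessMask = $data['AccessMask']
            }
        }
    } |
    Select-Object -First 10
```

Get-WinEvent returns the newest events first, so the first row is the last recorded access. Raise `-MaxEvents` if the file's events are buried under other audit traffic.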


  1. Good2

    but I don't understand...hehe

  2. nice info...

  3. Thanks for sharing the information, it provides step by step details to know how to enable auditing at the server level. I found an efficient utility at http://www.lepide.com/file-server-audit/ that helps to know who is accessing a specific file and folder and to track all changes made by users and all file server access activities, like who changed what, when, from where and from which workstation.