Hi All. I am using windows 2008. and Turn on file auditing.
I am looking into the event log and found it's very hard to read.
1. what's handleID? are there list mapping the code to actual action ie. delete/create.......
2. Can the audit able to identify the source IP/computer who trigger the action on the share folder which turned on audit ?