This should be simple, right, configure auditing on the file system and set the audit policies to audit object access. It did get a little more complecated in Windows Server 2008 but it seems straight forward enough.
Here are my settings
File Auditing
Failure Everyone Full Control This folder, subfolders and files
Object Access
File System Success and Failure
Global Object Access Auditing : File
All Everyone Change permissions, Take ownership
Failure Everyone Full Control
Local Policies/Audit Policy
Audit object access Success, Failure
Is there anything else I should be looking at?
Thanks,
Joe
Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator In Progress: MCITP: Enterprise Administrator