How to audit user access of files, folders, and printers in Windows XP


As an administrator of a Windows XP Professional-based computer, you can configure your computer to audit user access to files, folders and printers. This facility is unavailable on Windows XP Home Edition.

Auditing User Access of Files, Folders, and Printers

The audit log appears in the Security log in Event Viewer. To enable this feature:
  1. Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.
  2. Double-click Local Security Policy.
  3. In the left pane, double-click Local Policies to expand it.
  4. In the left pane, click Audit Policy to display the individual policy settings in the right pane.
  5. Double-click Audit object access.
  6. To audit successful access of specified files, folders and printers, select the Success check box.
  7. To audit unsuccessful access to these objects, select the Failure check box.
  8. To enable auditing of both, select both check boxes.
  9. Click OK.

Specifying Files, Folders, and Printers to Audit

After you enable auditing, you can specify the files, folders, and printers that you want audited. To do so:

  1. In Windows Explorer, locate the file or folder you want to audit. To audit a printer, locate it by clicking Start, and then clicking Printers and Faxes.
  2. Right-click the file, folder, or printer that you want to audit, and then click Properties.
  3. Click the Security tab, and then click Advanced.
  4. Click the Auditing tab, and then click Add.
  5. In the Enter the object name to select box, type the name of the user or group whose access you want to audit. You can browse the computer for names by clicking Advanced, and then clicking Find Now in the Select User or Group dialog box.
  6. Click OK.
  7. Select the Successful or Failed check boxes for the actions you want to audit, and then click OK.
  8. Click OK, and then click OK.


  • The hard disk must be formatted with the NTFS file system for auditing to work.
  • If your computer is a member of a domain and the administrator has set domain-level auditing policies, those policies override these local settings.


Article ID: 310399 - Last Review: Oct 21, 2008 - Revision: 1