Open the computer configuration in the Group Policy - Security Settings - Local Policies - Audit Policy of the audit pair like anti-questioning, double-click on the dialog box that appears to check the box Success and Failure, after the above settings, you can now set up the audit of the files and folders. (Note must be on the NTFS partition, the system to remove the simple file **** enjoy, otherwise the NTFS partition security label is hidden)

For example, now we have to d:\ customer information folder to do the audit. Select the folder, open Properties, select the Security tab, then click Advanced, then select Audit, the default is no audit items, click Add, add the users and groups we want to monitor the audit of the object, OK after the opening of the dialog box to select the hook "Delete" success. Then select the "Apply these audit items only to objects and/containers in this container" checkbox. OK is sufficient. You can see the events by opening the Event Viewer security when viewing the records.

Advantages: You can monitor the client's special use of files, such as a user to delete a folder or file, can be viewed through the log file. The other can also improve network security, through the corresponding settings can monitor which illegal users have logged on the system, do the appropriate measures.