File Access Auditing - I Am Not Afraid Of GPO

Security logging and auditing mitigates repudiation threat (the "R" in STRIDE, see also Auditing and Logging threats). The lesser coding the better security. Here is the no coding auditing for file access using Group Policy

From https://support.microsoft.com/kb/324739

 

Create a Group Policy Object

To create a Group Policy object (GPO) that you can use to turn on auditing in a domain, follow these steps:

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Right-click your domain, and then click Properties.

3. Click the Group Policy tab, and then click New.

4. Type the name that you want to use for this policy (for example, Enable auditing policy), and then press ENTER.

5. Click Properties, and then click the Security tab.

6. Click to clear the Allow check box next to Apply Group Policy for the security groups that you want to prevent from having this policy applied.

7. Click to select the Allow check box next to Apply Group Policy for the groups to which you want to apply this policy, and then click OK.

8. Click OK, click OK again, and then quit Active Directory Users and Computers.

Turn On Auditing on a Domain Controller

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Right-click your domain, and then click Properties.

3. Click the Group Policy tab, click the Group Policy object that you want to use, and then click Edit.

4. Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.

5. In the right pane, double-click Audit object access.

6. Click to select the Define these policy settings check box, click to select the Success check box, click to select the Failure check box, and then click OK.

Define auditing on actual file:

Test auditing by accessing the file, say double clicking it, then open Event Viewer.

Similar entry should be there:

Enjoy