Security auditing enhancements in Windows Server and Windows client system can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
- A group administrator has modified settings or data on servers that contain finance information.
- An employee within a defined group has accessed an important file.
- The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.
Location: group policy editor: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy
Step by step to configure: https://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx