Hello,
I am trying to log every time files in a specific folder are actually opened, but I am having trouble. I have Object Access Auditing for success and failure turned on in the local computer policy. I enabled auditing of the specific folder with advanced security settings and I get great 4663 events for deleting and writedata events, but I don't see any way of getting accurate events for when a file is actually opened. I can enable "list folder/read data", "read attributes", or "read permissions", which will all trigger when a file is opened, but all of these also trigger when the files are not opened as well (such as just opening a folder, I get a read permissions trigger for every file in the folder, or if I highlight a file, it will trigger the read attributes and the read data events for that file). I don't want the event to trigger when I can just see the file or highlight it; I need to know when the file is opened (e.g., a spreadsheet opened with Excel, a txt file opened with Notepad, etc.).
Does anyone know how to accomplish this?