Audit Object Access
You can use the Object Access Security log category to audit any and all attempts to access files and other Windows objects. The only auditable objects not covered by this category are AD objects, which you can track by using the Directory Service category. In addition to tracking files, you can track success and failure access attempts on folders, services, registry keys, and printer objects. The way in which you define Object Access audit policy and the format of information recorded in the Security log for this category are closely related to the structure of the ACLs that all objects use to define who can access the object and how.
When you enable the Audit object access events policy for a given computer, Windows doesn’t immediately begin auditing all access events for all objects because the system would immediately grind to a halt. Activating object access auditing is a two-step procedure. First, enable the Audit object access events policy on the system that contains the objects you want to monitor. Second, select specific objects and define the types of access you want to monitor. You make these selections in the object’s audit settings, which you’ll find on the object's Advanced Security Settings dialog box. For instance, Figure 7-1 displays the audit settings for a folder named Accounting Data.

Figure 7‑1 Object audit policy
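The two-step procedure above can also be scripted. The following PowerShell is an added example, not taken from the eBook; the folder path, the audited principal and the access types are assumptions chosen for illustration, and it uses `auditpol.exe`, which is present on Windows Vista / Server 2008 and later.

```powershell
#Requires -RunAsAdministrator
# Added example: path, principal and rights below are assumptions, not values from the page.
$folder   = 'C:\Accounting Data'   # assumed location of the Accounting Data folder
$identity = 'Everyone'             # assumed principal whose access is audited

# Step 1: enable the Object Access audit category on the computer holding the object.
auditpol.exe /set /category:"Object Access" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# Step 2: define which access types to audit in the object's own audit settings (SACL).
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $identity, $rights, $inherit, $propagate, $flags)

# -Audit is required; without it Get-Acl returns the object with no audit entries loaded.
$acl = Get-Acl -Path $folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Confirm both halves: the policy state and the audit entries now on the folder.
auditpol.exe /get /category:"Object Access"
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

If either step is missing, no object access events are logged for the folder. On a domain-joined computer, audit policy delivered by Group Policy replaces the local setting made in step 1 at the next policy refresh.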
More information on this audit category is available in WinSecWiki
This is just a fraction of the wealth of information available only in Randy Franklin Smith's eBook, The Windows Server Security Log Revealed.
