WinSecWiki > Security Settings > Local Policies > Audit Policy > Object Access > File System

File System

This category allows you to track access to files and folders. To enable or disable this category you must use the auditpol command.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4656 A handle to an object was requested
4658 The handle to an object was closed
4660 An object was deleted
4663 An attempt was made to access an object
4685 The state of a transaction has changed
4985 The state of a transaction has changed.

Back to top

 

Upcoming Webinars
    Additional Resources
      Object Access
      •Detailed File Share
      •Removable Storage Devices
      •File System
      •Registry
      •Kernal Object
      •SAM
      •Certification Services
      •Application Generated
      •Handle Manipulation
      •File Share
      •Filtering Platform Packet Drop
      •Filtering Platform Connection
      •Other Object Access

       
       
      User name:
      Password:
        / Forgot?
        Register
      June 2025
      Patch Tuesday      		 "Patch Tuesday - Two Zero Days and 11 Critical Updates " - sponsored by LOGbinder and Supercharger
      .
      Tweet
      Follow @randyfsmith
      About | Newsletter | Contact Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
      Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.       		Terms of Use | Privacy |
      Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.