First, we need to enable the object audit feature for the entire domain.
The following tasks were executed on a domain controller running Windows 2012 R2 with Active directory.
Click on the Start menu, locate and open the Group Policy Management tool.
On the Group Policy Management screen, locate the folder named Group Policy Objects.
Right-click the Group Policy Object named Default Domain Policy and select the Edit option.
On the group policy editor screen, you will be presented to User configurations and Computer configurations.
We will change only the Computer configurations.
We don't need to change any User configuration.
On the group policy editor screen, expand the Computer configuration folder and locate the following item.
• Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy
On the right, the list of available configuration options will be presented.
Double click the configuration item named: Audit Object Access.
Enable the following security settings:
• Define these policy settings
To finish the group policy creation you need to close the Group policy editor window.
Only when you close the group policy window, the system will save your configuration.