Auditing should identify attacks (successful or not) that pose a threat to your network, and attacks against resources that you've determined to be valuable in your risk assessment.^[[Security auditing - Windows Security | Microsoft Learn](https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/security-auditing-overview)] # Audit Policies Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. By default, File System Object Access audit is not enabled on [[Windows Server]].^[[How to Detect Who Deleted a File on Windows Server with Audit Policy? | Windows OS Hub (woshub.com)](https://woshub.com/tracking-files-deletion-using-audit-policy-and-mssql/)] ## Apply a basic audit policy on a file or folder [Microsoft Learn Documentation](https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder) You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.