To audit activity within a specific folder in Windows 10 or 11, you can enable auditing for the fold

Yes, you can track changes made to files in a folder or subfolder using native Windows functionalities. One possible approach is to enable File and Folder auditing so that Windows logs these changes for you. Here is how you can implement this:

1. Enable Auditing:

- Right-click on the folder where your PowerShell scripts are located and choose "Properties."

- Go to the "Security" tab and click on the "Advanced" button.

- Switch to the "Auditing" tab and click on the "Add" button.

- In the "Select User or Group" dialog, type "Everyone" and click "Check Names" then "OK."

- Select the types of actions you want to audit, such as "Create files/write data", "Delete" or others, and then click "OK."

2. View Auditing Logs:

- To view the auditing logs, you'll need to access the Event Viewer.

- Navigate to "Windows Logs" > "Security" in the Event Viewer.

- Look for entries with the Event ID related to file changes (e.g., Event ID 4663 for File Write Data).

You can also consider using third-party tools or scripts for more advanced file tracking capabilities or easier reporting in the form of tables. There are applications like "Netwrix Auditor" or scripts that can parse the Windows auditing logs and provide more structured reports.

If you need assistance setting up scripting solutions for this type of monitoring or need further guidance on using native Windows auditing features, feel free to ask!

0 Replies
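The two steps in the reply above, scripted in PowerShell as an added example that is not part of the original post. It also turns on the "File System" audit subcategory, because a folder's audit entries produce no Security-log events while that policy is off. Assumptions: `C:\Scripts` is a hypothetical folder path, the session is elevated, and the system uses English names for `Everyone` and the `File System` subcategory.

```powershell
#Requires -RunAsAdministrator
# Added example. $Folder is a hypothetical path; point it at the folder to watch.
$Folder = 'C:\Scripts'

# The audit entries on the folder only generate events when the
# "File System" audit subcategory is enabled in the local audit policy.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# Step 1 (Auditing tab equivalent): audit successful writes and deletes by
# Everyone, inherited by all subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

$acl = Get-Acl -Path $Folder -Audit      # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Step 2 (Event Viewer equivalent): read Event ID 4663 from the Security log
# for the last 24 hours and keep only events for objects under $Folder.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4663
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Flatten the named <Data> fields of the event into a hashtable.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }

    if ($d.ObjectName -like "$Folder\*") {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Process    = $d.ProcessName
            File       = $d.ObjectName
            AccessMask = $d.AccessMask   # e.g. 0x2 = write data, 0x10000 = delete
        }
    }
}

$report | Sort-Object Time | Format-Table -AutoSize
```

Piping `$report` to `Export-Csv` instead of `Format-Table` gives the table-style report mentioned in the reply.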