Hi, It’s correct. If you enabled the "Audit object access" policy and configured audit settings on the file/folder, the security log will be logged on the computer that the file/folder locates. Domain controller will not record this log. Regards, Bruce

Awesome! Thanks Bruce!

Hey guys I have a question, about auditing security group access. Our security team is trying decipher what security groups have access to what. Now unless something has changed that I am not aware of, you have to enable auditing on the servers where the access request is occuring and enable auditing on the object (file/folder) correct? DC's won't tell you what secuity group/user just accessed remote file/fileshare. It will log in the security log that a user just authenticated to the domain, but thats it. Am I missing something? Thanks!