You will need to turn on auditing. Open the properties on the folder, go to security, advanced and check the auditing tab. Other options might include <a href=”http://www.intersectalliance.com/projects/EpilogWindows/index.html”>Snare/Epilog</a>.
You will probably need to enable auditing (through group policy or local security policy), and then identify the folder you want to audit and set the appropriate settings.
To enable auditing through local security policy, go to Start -> All Programs -> Administrative Tools -> Local Security Policy.
In the Local Security Policy tool, expand “Local Policies” and select Audit Policy.
Double click on the “Audit Object Access” item and choose what events you want to audit.
Once enabled, right click on the shared folder, select “properties” -> “security” -> “advanced”, go to the “auditing” tab, and set the appropriate settings.
The audit results will be included in the “security” section, in event viewer.