Auditing of Object Access: File Share events on failure should be enabled or disabled as appropriate. This policy setting determines whether the operating system generates audit events when a file share is accessed. Audit events are not generated when shares are created, deleted, or when share permissions change. Combined with File System auditing, File Share auditing enables you to track what content was accessed, the source (IP address and port) of the request, and the user account that was used for the access. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO