The company I work for wants to be able to review audit logs to see where people have failed to gain access to particular folders or files on a server that is part of a DFS. I have enabled Auditing Object Access with Failures, and I have added the Everyone group to Auditing on the folder, in which it audits all failures. However, when I review the Security Log to see those failed attempts to access a file, for example, I get a log of a success for the user who attempted to open the file, when in actuality, he failed to open the file because he did not have rights to open it.
What am I doing wrong, or is this how Microsoft has auditing set up?