To enable auditing on specific folders on a server, do the following:
In the local security policy editor (or use GPO with specific scopes if you prefer) enable Audit File System under the Object Access section:
On the folder you'd like to enable auditing on, go to the Advanced Security settings, head to the auditing tab and click Add.
Select a principal, inheritance settings and show advanced permissions to choose what to audit.
In the case below we are monitoring when a file is created, edited or deleted in the Exam folder:
Once this is enabled you can check the logs in the Security section on Event Viewer:
You will want to increase the size limit of the log to increase the amount of days it is capable of logging, you can do that in the Security Logs Properties in Event Viewer, the default size is 20MB, which is not enough to even keep a days worth of logs in certain environments.
