When I enable the "Audit Object Access" policy on the file server (Windows Server 2008 R2) through "Local Security Policies" and configure auditing on 1 particular file, the event logs seem to capture noise on all files located on that file server. I thought the idea of enabling auditing on a particular file was to only audit that file. Why would all files located on the file server be audited? This is an Active Directory network as well.
I read that to audit only files for a particular server, one should enable the policy within the local security policy on that server only and not in the GPOs for the Domain.
How can I eliminate all noise except the one file that I want to audit?