Scenario - Local file server with various shared folders on it, and the server is a member server in a domain. Someone updates the permissions on one of the shared folders by adding a particular domain group.
Question - Can the Security Event Log on the local DC offer any clues as to who made the change, and when? Alternatively will such information only appear in the local file server's Security Event Log and then only if the relevant auditing has been enabled?