Windows Server 2003 (or older) and Windows Server 2008 (or newer) have very different auditing systems. Win2003’s was based on the auditing introduced in Windows NT 3.5 and works at a very macro level. Win2008’s was based on Vista’s system, and features very granular subcategory-based tracking. The key in Win2003’s that you audit categories Logons and Object Access. In Win2008 you’ll want to audit sub-categories Logons, File System, and File Share. For the actual folders, we only need SUCCESS auditing here (who cares if someone can’t delete a file), and it should be done for the built-in EVERYONE group.

Full Article: DS team blog