To enable auditing for a file (or folder), you need to edit the security descriptor (Item 42) for it and give it a SACL (Item 43). This is easy to do with Explorer. Just find the file you want, bring up its property sheet, and choose the Security tab. From there, press the Advanced button. The dialog that pops up will have an auditing tab that you can use to edit the SACL. If you normally run with least privilege as I do, note that Explorer will hide this tab unless you have the SeSecurityPrivilege, which administrators have by default. Therefore, log in as an administrator (or run another copy of Explorer, as I suggested in Item 9) before you attempt this.

When you edit the SACL you're specifying the conditions ...