go into the user cp at the top left corner of the page and you can get the link from your uploads and post it
Maybe its a bit deeper than we need to go.File and Registry Auditing
A valuable tool that is available to NTFS volumes, in addition to NTFS Permissions, is the ability to audit what exactly happens to files on a file system. You can audit - user by user, when a file is accessed, modified, or created. The benefit of security auditing after a system has been compromised can be incredible - if auditing was actually turned on before the compromise, you can get a play-by-play description of exactly what happened, and what files were viewed or modified by each user. If auditing is not enabled before the compromise, there is no information to audit.
This feature of NTFS file systems is not normally used because there is a level of performance overhead involved, and because the security audit log will tend to be flooded with events. We've already dealt with the event log by significantly increasing its size. The performance overhead is something that users are likely to notice; especially during computer start-up and shut-down.