I am auditing success and failures on several private user folders on my network. Recently I have been getting failure audit messages on these private folders with one users name on all of them. My problem is that the user denies the access attempts. My question is: Is there a way to identify the MACHINE, rather than the user that attempted the access to these folders. Is there a MAC address somewhere in the failure auditing that I can’t find? Is there something else I can turn on? Any help would be greatly appreciated.