We have an SBS2003 R2 installation with 12 workstations. All users use mapped drives to connect to the data. Sometimes when users log on a large amout of data on the server goes missing. I have set the security log to trap event 560 which I have set to monitor any delete actions. The last time this happened there was a string of events indicating that these files had in fact been deleted by the administrator and the final event said that the contents of the recycle bin had been emptied. I have checked all systems with antivirus software and found nothing - does anyone have any ideas?