I have a server on which I would like to audit when someone deletes a directory. I've done the following:
- right click on the drive root and selected properties
- selected security tab then 'Advanced'
- selected 'Auditing' tab
- Clicked 'Add' and entered 'Everyone'
- When the 'Auditing Entry' page comes up I choose 'This folder and subfolders'' from the 'Apply onto' drop down and check 'Delete'. Click OK.
Then I get a message saying that there is no audity policy set. So I go to my local security setting to set the audit policy but I'm not sure what audit policy to turn on. If I turn on Object Access then I get every folder access audited, not just my deletes. What audit policy can I select to ONLY audit the deletes?