When I came in this morning, files on the root of a specific share were gone. Not folders, only files and not hidden files. This share is publicly accessible to everyone in our organization.
Someone requested a few files and I restored them. Within a few hours, those files were also gone. We have had incidents before where someone had actually deleted files from this particular share.
Should I turn on auditing to see what is happening? I am presently looking at this article:
How to set up and manage operation-based auditing for Windows Server 2003, Enterprise Edition: http://support.microsoft.com/kb/325898
Any help is greatly appreciated!