<div>
We have had the same issue. &nbsp;I believe you have to have some kind of auditing turned on or installed but couldn't say what that is for sure. &nbsp;Will be good to see what others have to say.
</div>


<div>
This kind of events is not recorded by default. You are not able to check the past. The only thing you can do it to record such events in the future.
</div>


<div>
Enable file and folder auditing:<br />
Go to Local Security Policy under administrative tools.<br />
Navigate to Local Policies/Audit Policy<br />
open Audit object access and enable success and failure.<br />
<br />
This sets the *ability* to audit. &nbsp;Now you need to enable it on the folders/file you want.<br />
Right click the appropriate folder/file and go properties<br />
Security tab<br />
Advanced button<br />
Auditing tab/Edit/Add<br />
Select the appropriate security group (or Everyone group if you wish)<br />
Select the specific events you wan to audit - in your example you want 'Delete subfolders and files' with the 'success' option<br />
OK/apply as appropriate<br />
Voilla<br />
<br />
Note that auditing files and folders WILL create additional load on the server - use sparingly.
</div>


<div>
Alright, let me check because currently i am re-designing the whole FILE SHARING thing on my network and going to enable to audit policies. Thanks for your help.
</div>


<div>
Disorganise,<br />
Once that is set up how do you find what you want in Security Event Viewer?<br />
Sorry to but in again, but I believe ibrahim52 will have the same question once he turns his on.<br />
<br />
I set mine up last week and thought I would see what I could find so searched for delete and all I found was SAM stuff.<br />
Searched Microsoft Windows 2008 home site and found stuff on W2000 &amp;&nbsp;NT$. &nbsp;:(<br />

</div>


eventlog.jpg

audit1.jpg

<div>
Thanks Disorganise,<br />
ibrahim52 and I owe you one.<br />
Have a great day
</div>


<div>
I have to say sorry again after accepting solutions to every question i start the reason is because i can't give more of my time to try out the suggestions instantly and it takes me around 2-3 weeks to spare time and start fixing the issue using experts suggested solution. Thank you.
</div>


<div>
<div class="content wysiwyg-content">
The question is really simple and short. I had a common folder shared between all the domain users, now today one of the file is missing in that shared folder and company would like to TRACE the user who did that, i spoke to some experts on phone and they said look in the event viewer, i couldn't find anything with the NAME of that FILE in the E.V, is there any other way around ?
</div>
</div>


The question is really simple and short. I had a common folder shared between all the domain users, now today one of the file is missing in that shared folder and company would like to TRACE the user who did that, i spoke to some experts on phone and they said look in the event viewer, i couldn't find anything with the NAME of that FILE in the E.V, is there any other way around ?

Windows Server 2008 Event Viewer

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Servers are computing devices that are similar to desktop computers in that they have the same basic components, but are significantly different in size, configuration and purpose. Servers are usually accessed over a network, and many run unattended, without a computer monitor, input device, audio hardware or USB interfaces. Many servers do not have a graphical user interface (GUI), and are configured and managed remotely. Servers typically include hardware redundancy such as dual power supplies, RAID disk systems, and ECC memory, along with extensive pre-boot memory testing and verification. Critical components might be hot swappable, and to guard against overheating, servers might have more powerful fans or use water cooling.