I have found some information regarding file/folder auditing and have come up short.
I want to audit a specific folder on our network for files and folders that have been moved or deleted. The guides that I have looked at tell me to go to administrative tools > local security policy > expand local policies > select audit policy. The option to enable any of the sections is greyed out.
I would need to know how to fix this.
I also need to know how to setup auditing for a certain group - lets say the group is sales or marketing or administrators. When a user who is part of this group(s) moves a file/folder or deletes a file/folder where is the information stored - which log is it and how do I view it so that it makes sense?
Any help would be appreciated.