I am trying to determine who access a user's desktop and copied a folder with confidential information to the general file server. Unfortunately, when the user whose desktop it came from found it, and the confidential information in the folder, on the file server the user deleted it. Is there any way to determine who accessed the user's desktop and copied the folder?
Desktop - Windows 7
Server - 03 r2