I am running Server 2012 R2.
My goal here is to find out what file/folder and who has deleted it in my given audited folder.
Here is what i have done.
I ran GPEDIT.MSC > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy > Audit object Access > Checked the box for success
Once that is in place, I went to the folder I wanted to monitor, right click and went to properties.
Clicked the security tab > Advanced > Auditing Tab > Add > then added the "Everyone" security group to the folder > Selected "Show advanced permissions" > Checked "Delete subfolders and files" and "Delete". I left the default for type: Success and applies to: "This folder, subfolders and files".
I than ran gpupdate and then preceded to delete a couple items in the audit folder. I can not find any events were I went to my folder that I just put the audit on above in the security event viewer. Did i do something wrong... also would be nice if i knew what event ID correlated with an object being deleted. That way I can create a custom view to make life easier when I am looking.