I have an organization that keeps opening a service ticket stating that files and folders keep disappearing on their shared drive on the server. Yet, when I perform a search, I find the file/folder and determine that it was just moved to a different location.
I am Googling to see if there is a built in way to enable auditing to determine who/what is moving these files/folders. I looked at this and do not feel it meets my needs to track when a file is moved, modified, created or deleted:
1. Open Administrative Tools > Local Security Policy.
2. Expand Local Policies and click Audit Policy in the left pane.
3. Select Audit object access in the right pane, and then click Action > Properties.
4. Select Success and Failure, and then click OK.
5. Close the Local Security Policy window.
Can anyone recommend a way to monitor all the actions listed above?