Hello,
You can enable the folder's audit and audit policy to record the corresponding logs for troubleshooting. You can refer to the following steps:
1.On the computer where the problem occurred, enter gpedit.msc with win+R to enter the "Local Policy Editor";
• Go to the "Advanced Audit Policy" settings as shown below: In Computer Configuration -Windows Settings -Security Settings -Advanced Audit Policy Configuration, set and enable "Audit File Share" and "Audit File System" in "Object Access";
• After the setting is completed, open CMD with administrator rights and execute the command: gpupdate /force;
• Run the following command again to check whether the audit policy is set successfully:
Auditpol /get /category:*
2.Set the audit in the problem file path:
Right-click the path to the problem folder, click "Properties", click "Security", click "Advanced":
Click "Auditing" and then "Add"
Add everyone, set and check as shown below, the applicable scope is "This folder, subfolders and all files", click "OK";
In this way, any access to subfolders and subfiles under the problem folder will be recorded in the Audit log, and the Audit log is in the "Security Log" of the event log to find out who deleted the file.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
Best regards
Zunhui
