I'm sure you've already heard users complaining that files have mysteriously disappeared.
So in order to solve one of the most frequent mysteries of computer science and incidentally to point out the culprit, it is necessary to activate file auditing.
This will allow us to see all the modifications or accesses for a given folder or file (read access, delete, ACL modification and so on…)
To enable file auditing we need to create a new GPO.
Now, we need to connect to our Windows File Server to activate the File Auditing on a folder.
Let's say we want to enable audit on this \\SRV-DATA\01-Admin share.
C:\> gpresult /r /z
The result of the audit will be available in security log of the event log.