You'll need to enable the following GPO Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policies -> Audit object access
This will generate a log entry in the security log every time someone does a file operation (among others)
This will generate a ton of logs, you'll probably have to ship them to a machine dedicated to managing logs, or increase the size of your security log.
You'll need to enable the following GPO Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policies -> Audit object access
This will generate a log entry in the security log every time someone does a file operation (among others)
This will generate a ton of logs, you'll probably have to ship them to a machine dedicated to managing logs, or increase the size of your security log.