System administration

windows server 2012 audit log no file delete event 4660?

Hello.
It is not possible to deal normally with the logging of file deletion events on Windows Server 2012 R2 x64. You need to configure the windows security log to log file deletion events. According to all the instructions, it is enough to do: And you don’t even need to overload. Now you need to set up auditing of directory events: Well, as usual, you need to check this. I delete a file: Now in theory I should receive the following events 4656/4663 for a deletion request (descriptor request), but the final deletion is registered in event 4660. So there are 4656 and 4663 in the log, but 4660 is missing: Just in case, I did the following checks: - checked the security log filter - no filters installed.




- I checked the operation of the same settings on another windows server 2012 R2 server.
- the file is definitely deleted on the local drive.
The result has not changed and there are still no 4660 events. 4660 looks like this: On windows 8.1 corporate everything works fine and 4660 events are logged normally. Do not tell me - what did I miss?