I've found a lot of information on enabling file object access auditing, but nothing that seems to apply to my particular situation. We have a user who claims someone keeps deleting her files (I'm 99.3% certain she's the one doing it). Anyway, the problem is that our remote sites only have one server, which functions as a file server, print server, domain controller, etc. Consequently, when I try to go into Local Policy on this machine, the auditing settings are grayed out - presumably because it's a domain controller. But I don't want to enable it in the Domain Controllers group policy because I've got 9 other domain controllers that I don't necessarily want to introduce this overhead to. So I guess my question is a two-parter:
1) Is there any way to enable this local policy on a single domain controller?
2) If the answer is no, and I have to use the Domain Controllers group policy, does this GP setting really impact anything if there aren't any folders on that machine with a SACL defining an audit?
Thanks.