As we unfortunately ran into some mass file delete events, some triggered by client bugs and some by user, we need to track down what actions has been performed by uses on files.
Windows offers the ability to enable file operations audit log, it needs to be enabled on the computer and then specifically on single paths. The first can be done via GPO, unfortunately the latter needs to be done manually on the folder.
We need a quote for a script which can be run via GPO which retrieves user’s Nextcloud data path(s) and enables auditing.
More info here: