Hi I am using Windows 2008 R2 RDS environment. I have implemented folder redirection and roaming profiles and using central storage for user's data. To monitor file server (Windows 2008 R2) i have implemented audit policy "file server audit policy" on file server to monitor who has deleted what. Policy is working perfect but problem is that when user open IE and close application event log is generated (Event ID 4663) that show "\Device\HarddiskVolume\foldername\username\Appdata\Roaming\Microsoft\windows\cookies\filename.txt" An attempt was made to access an object. and after that event 4660 is generated and mention that said file is deleted. Same case is observed with /Firefox Due to this for 100 users event logs are generating very rapidly. Is it possible that I exclude some specfic folders from this Advance audit policy (This is local policy) or is there any good practice to monitor file deletion excluding cache files. Regards