File System auditing - Event ID 4663 not logging

It sounds like you’ve done all the right policy settings, but often the missing piece is setting the auditing on the specific folder or file itself.
Just enabling audit policies in Group Policy isn’t enough — you also need to configure the SACL (System Access Control List) on the folders you want to monitor.

Try this:

Right-click the folder you want to audit, go to Properties → Security → Advanced → Auditing tab.

Add the users or groups you want to audit (or Everyone to test).

Select what access types to audit (like Read, Write, Delete).

Apply and OK.

After that, any matching access should trigger Event ID 4663 in the Security logs.

If you’ve already done this, it might be worth running gpresult /h report.html to make sure the policy is actually applying to the server.