Auditing Security Events
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Auditing security events
You can set up audit policy so that user or system activity in specified event categories is recorded. You can monitor security-related activity, such as who accesses an object, if a user logs on to or logs off from a computer, or if changes are made to an auditing policy setting.
Before defining auditing policy settings in the object access event category, see Checklist: Setting up object access auditing.
For tips about auditing, see Auditing Security Events Best practices.
For help with specific tasks, see Auditing Security Events How To....
For general background information, see Auditing Security Events Concepts.