Auditing in IIS 6.0
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can use security auditing techniques to track the activities of users and to detect unauthorized attempts to access your NTFS file system directories and files. Activities that you can audit include the following:
User attempts to log on, both successful and unsuccessful.
User attempts to access restricted accounts.
User attempts to execute restricted commands.
Note
In IIS 6.0, successful account logons, including every impersonation of the anonymous account, are audited by default. If your server is hosting busy Web sites, this can cause the security event log to fill quickly with entries. To disable auditing of successful logons in the security event log, see "Auditing security events" in Help and Support Center for Windows Server 2003.
Related Information
For information about how to log user Web site and FTP site activity, see Logging Site Activity.
For information about how to control access to your Web site and FTP site, see Access Control with IIS 6.0.