Implementing an Audit Policy
One of the most important aspects of controlling security in networked environments is ensuring that only authorized users are able to access specific resources. Although systems administrators often spend much time managing security permissions, it is almost always possible for a security problem to occur.
Sometimes, the best way to find possible security breaches is to actually record the actions specific users take. Then, in the case of a security breach (the unauthorized shutdown of a server, for example), systems administrators can examine the log to find the cause of the problem.
The Windows Server 2008 R2 operating system and Active Directory offer you the ability to audit a wide range of actions. In the following ...