Configuring Audit Policies
Windows Server 2003, Windows 2000, and Windows XP provide several categories of auditing for security events. When designing your enterprise audit strategy, you will need to decide whether to include success and failure events for the following categories of security audit events:
Account logon events
Account management events
Directory service access
You can see the current status of auditing for each area by looking in the Local Security Policy Microsoft Management Console (MMC) in Windows Server 2003, Windows 2000, or Windows XP. Figure 15-2 shows how the audit policy settings are displayed in Windows 2000.