When you’ve identified what settings you want to configure and which objects you want to audit, you can configure the system to begin the audit-log collections. You can enable auditing for a local system by modifying the Local Security Policy. If you want to enable auditing for several systems in a domain, you can do so via Group Policy.
The following steps show how to enable auditing locally for any Windows Server 2008 server:
1. Click Start Administrative Tools Local Security Policy. If prompted by User Account Control (UAC), click Continue.
2. Expand Security Settings Local Policies, and select Audit Policy.
3. Double-click any of the audit settings.
4. Select Success and/or Failure, as desired. Click the Explain ...