Auditing System Resources
Auditing is the best way to track what’s happening on your Windows Server 2008 systems. You can use auditing to collect information related to resource usage, such as file access, system logon, and system configuration changes. Any time an action occurs that you’ve configured for auditing, the action is written to the system’s security log, where it’s stored for your review. The security log is accessible from Event Viewer.
For most auditing changes, you’ll need to be logged on using an account that’s a member of the Administrators group or be granted the Manage Auditing And Security Log right in Group Policy.
Setting Auditing Policies
Auditing policies are essential to ensure the security and integrity of your systems. ...