Auditing System Resources

Auditing is the best way to track what’s happening on your Windows Server 2008 systems. You can use auditing to collect information related to resource usage, such as file access, system logon, and system configuration changes. Any time an action occurs that you’ve configured for auditing, the action is written to the system’s security log, where it’s stored for your review. The security log is accessible from Event Viewer.

Note

For most auditing changes, you’ll need to be logged on using an account that’s a member of the Administrators group or be granted the Manage Auditing And Security Log right in Group Policy.

Setting Auditing Policies

Auditing policies are essential to ensure the security and integrity of your systems. ...

Get Windows Server® 2008 Administrator's Pocket Consultant now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.