Chapter 5
Using Audit Policies and Network Auditing
Auditing provides administrators with an easy method of tracking activity on systems. You can track when users access files, shut down systems, create or modify accounts, and much more. Windows Server 2008 includes nine separate categories of auditing that you can manipulate.
Although Windows Server 2008 audits many events by default, these events may not be enough to meet the needs of your organization. It’s important to know what you can audit and how to enable auditing for different events. Of course, when you’ve enabled auditing, you’ll also want to know how to view the audited events. For instance, Microsoft Windows records auditable events in the Security log, and you can use the Event ...