IN THIS CHAPTER

Auditing provides a means of tracking all events in Windows Server 2008 to monitor system access and ensure system security. It is a critical tool for ensuring security, but it can overwhelm a server if not configured and used correctly. This chapter explains how and why you should implement auditing, and provides some specific tips on how to configure and use auditing for different situations. As you read through the chapter, keep in mind that auditing is just one weapon in your security arsenal. Locking down the server, using firewalls, and other security-management tools are even more important. This chapter also covers Active Directory auditing. If you are not familiar with security policy settings you can also use the Security Configuration Wizard (SCW), discussed in Chapter 16, to set up auditing. It provides a quick Wizard-based model for audit configuration. The SCW contains its audit settings in an audit policy.