This step-by-step article describes how to use Windows Server 2003 auditing to track user activities and system-wide events in Active Directory.
When you use Windows Server 2003 auditing, you can track both user activities and Windows Server 2003 activities, which are named events, on a computer. When you use auditing, you can specify which events are written to the Security log. For example, the Security log can maintain a record of both valid and invalid logon attempts and events that relate to creating, opening, or deleting files or other objects. An audit entry in the Security log contains the following information:
• The action that was performed.
• The user who performed the action.
• The success or failure of the event and the time that the event occurred.