To turn on security logging

Click Start, click Run, type mmc /a, and then click OK.
On the Console menu, click Add/Remove Snap-in, and then click Add.
Under Snap-in, click Group Policy, and then click Add.
In Select Group Policy Object, click Local Computer, click Finish, click Close, and then click OK.
In Local Computer Policy, click Audit Policy.
Where?

Local Computer Policy
Computer Configuration
Windows Settings
Security Settings
Local Policies
Audit Policy
In the details pane, click the attribute or event you want to audit.
Click Action, and then click Security.
In Local Security Policy Setting, click the options you want, and then click OK.
Repeat steps 6, 7, and 8 for other events you want to audit.
Notes

You must be logged on as an administrator or as a member of the Administrators group to turn on security logging. Group Policy is available only to administrators.
If you have previously saved a console with Group Policy, you can open the saved console and go to step 5.
If your computer is connected to a network, security logging may be restricted or disabled by network policy.
The security log is limited in size, so carefully select the events to be audited and consider the amount of disk space you are willing to devote to the security log. For information about changing the log size, see Related Topics.
This procedure applies to Windows 2000 Professional computers, as well as Windows 2000 Server computers running as stand-alone servers or member servers. To turn on security logging for a domain controller, see Related Topics.
If security auditing has been enabled on a remote machine, you can view the event logs remotely with Event Viewer. Open an MMC console in author mode, and add Event Viewer to the console. When prompted to specify which computer the snap-in will manage, click Another computer and enter the name of the remote computer.
Security auditing for workstations, member servers, and domain controllers can be enabled remotely only by domain administrators. To do that, create an Organization Unit (OU), add the desired machine account(s) to the OU, and then, using Active Directory Users and Computers, create policy to enable security auditing.