Auditing security events

You can set up auditing to detect and record security-related events, such as when a user attempts to access a confidential file or folder. When you audit an object, an entry is written to the Windows XP Professional security log whenever the object is accessed in a certain way. You determine which objects to audit, whose actions to audit, and exactly what types of actions are audited. Once you set up auditing, you can keep track of users who access certain objects and analyze security breaches. The audit trail, which logs the events you have chosen, can show who performed the actions and who tried to perform actions that are not permitted.

For tips about auditing, see Best practices for auditing 

For help with specific tasks, see How to 

For general background information, see Concepts 

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies