Auditing security events
You can set up auditing to detect and record security-related events, such as when a user attempts to access a confidential file or folder. When you audit an object, an entry is written to the Windows XP Professional security log whenever the object is accessed in a certain way. You determine which objects to audit, whose actions to audit, and exactly what types of actions are audited. Once you set up auditing, you can keep track of users who access certain objects and analyze security breaches. The audit trail, which logs the events you have chosen, can show who performed the actions and who tried to perform actions that are not permitted.