To establish an audit policy
Perform one of these steps:
You want to modify security settings for your local computer
Open Local Security Settings
You are on a workstation or server, which is joined to a domain, and you would like to modify security settings for a Group Policy object
Click Start, point to Run, type mmc and click OK.
In the console, click the File menu and click Add/Remove snap-in.
In Add/Remove Snap-in, click Add. In Add Standalone Snap-in, double-click Group Policy.
In Select Group Policy Object, click Browse, browse to the policy object you would like to modify, and click Finish.
Click Close and then click OK.
In the console tree, click Audit Policy.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
In the details pane, double-click an audit policy for which you would like to change audit settings and select the Define these policy settings check box.
Do one or both of the following:
To audit successful attempts, select the Success check box.
To audit unsuccessful attempts, select the Failure check box.
Repeat the last two steps for any additional audit policies you would like to change.
You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.
To open Local Security Policy, click Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.