Event Viewer Best practices
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Enable security logging for security-critical objects and actions, and then periodically review the security logs on computers in your network.
By setting up an auditing policy and reviewing your security logs, you can detect unauthorized activity or intrusion attempts by malicious users or attackers on computers in your network.
For more information about setting auditing policies, see Auditing Security Events.
For more information about viewing event logs, see View Event Logs.