Audit policy enhancements in Windows Server 2008 R2 and Windows 7 allow administrators to use audit policies to help monitor and enforce business rules. For example, applying audit policy settings on a domain or organizational unit (OU) basis will allow administrators to document compliance with rules such as:

• Track all group administrator activity on servers with finance information.
  
  
• Track all the files that are accessed by defined groups of employees.
  
  
• Confirm that the correct SACL is applied to every file, folder, and registry key when they are accessed.
  
  

The following sections contain information about each of the advanced security audit policy settings and the audit events that they generate. Information is available for events in the following categories:

• Account Logon
  
  
• Account Management
  
  
• Detailed Tracking
  
  
• DS Access
  
  
• Logon/Logoff
  
  
• Object Access
  
  
• Policy Change
  
  
• Privilege Use
  
  
• System
  
  
• Global Object Access Auditing
  
  

For more information about configuring and using advanced security audit policy settings, see the Advanced Security Audit Policy Step-by-Step Guide.

For more information about Windows support for advanced audit policy settings, see Which Versions of Windows Support Advanced Audit Policy Configuration?

For more information about audit events that are generated in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=157780).