Auditing in IIS 6.0
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can use security auditing techniques to track the activities of users and to detect unauthorized attempts to access your NTFS file system directories and files. Activities that you can audit include the following:
User attempts to log on, both successful and unsuccessful.
User attempts to access restricted accounts.
User attempts to execute restricted commands.
|In IIS 6.0, successful account logons, including every impersonation of the anonymous account, are audited by default. If your server is hosting busy Web sites, this can cause the security event log to fill quickly with entries. To disable auditing of successful logons in the security event log, see "Auditing security events" in Help and Support Center for Windows Server 2003.|