Managing Security Auditing

Applies To: Windows 7, Windows Server 2008 R2

Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.

The most common types of events to be audited are:

• Access to objects, such as files and folders.

• Management of user accounts and group accounts.

• Users logging on to and logging off from the system.

This section contains:

• Audit Policies

• Define or Modify Auditing Policy Settings for an Event Category

• Apply or Modify Auditing Policy Settings for a Local File or Folder

• View the Security Log