The process of tracking and monitoring actions is performed on servers. Auditing is an important component of a general security policy for a corporate network. Auditing can be used to detect attempts at unauthorized access to network resources and to track the usage of shared resources. Auditing creates a record of which files have been accessed, who has logged on to the network, who has attempted to use a shared resource, and so on. Specifically, auditing records information in the security log about
In Microsoft Windows NT, auditing must first be enabled by configuring an Audit policy for the domain being audited. If you are auditing access to files and other objects, you must specifically enable auditing on the files and objects you want to audit by using the Security tab on the file or object’s property sheet.
Windows NT records two kinds of auditing information in the security log: