Auditing Server Activity

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can use security auditing techniques to monitor a broad range of user and Web server security activity. You should routinely audit your server configuration to detect areas where resources might be susceptible to unauthorized access and tampering. For example, you can audit the following user activities:

  • Logon attempts, both successful and unsuccessful

  • Attempts to access restricted accounts

  • Attempts to execute restricted commands

You can use the integrated Windows utilities, or the logging features built into IIS, or use Active Server Pages (ASP) applications to create your own auditing logs.