You can use security auditing techniques to monitor a broad range of user and Web server security activity. As a responsible sever administrator you should routinely audit your server configuration to detect areas where resources may be susceptible to unauthorized access and tampering.
The first step in setting up an auditing plan is configuring your Web server's audit policy. The audit policy determines the extent of the security auditing carried out by the Windows NT operating system. You can also configure the audit policy to determine whether a user succeeded or failed to carry out a security-related action. A security-related action can include the following:
You can set the audit policy from the Windows NT User Manager for Domains by logging on to your Web server with Administrator permissions. Use the Windows NT Explorer to specify the files and types types of event to audit.
When an audited event occurs, your computer adds an entry to the Windows NT Security log, which can be viewed in the Windows NT Event Viewer.