Windows NT provides utilities that you can use to monitor events related to Web server security and to identify security breaches for specific files or directories. You can use Windows NT User Manager for Domains to select the types of Web server events that will be logged. You can also configure the Windows NT Explorer to record directory and file access activity. For more information about auditing, consult your Windows NT documentation.
Important
- You must log on as a member of the Administrators group to audit files and directories.
- The the Windows NT audit features require the NTFS file system. See Securing Your Files with NTFS.
To monitor activity for Web server accounts
- Click Start, point to Programs, point to Administrative Tools, then click User Manager for Domains.
- On the Policies menu, click Audit.
- In the Audit Policy dialog box, select Audit These Events.
- Select or clear the Success and Failure check boxes for each event you want to audit. (For more information about the auditing options, click Help.)
- Click OK.
To monitor file and directory access activity
- In Windows NT Explorer, select the file or directory.
- On the Security menu, click Auditing.
Note By default, the Replace Auditing On Existing Files check box is selected. Changes to auditing apply to the directory and its files only.
- Click Add to select the name of a group or user.
- Under Events to Audit, select or clear the Success and Failure check boxes for each event you want to audit.
- Click OK.
Note Select only those directories and files for which security auditing is necessary: excessive use of auditing can reduce Web server performance.
© 1997 by Microsoft Corporation. All rights reserved.