Read the Windows Server 2008 R2 security auditing resources below – and you’ll be up to speed:
- Advanced Security Audit Policy Step-by-Step Guide
This step-by-step guide for Windows Server 2008 R2 and Windows 7 demonstrates the process of setting up an advanced audit policies infrastructure in a test environment. During this process, you will create an Active Directory domain, install Windows Server 2008 R2 on a member server, install Windows 7 on a client computer, and configure two advanced audit policies.
- Which Versions of Windows Support Advanced Audit Policy Configuration?
This page provides information about the versions of Windows that support advanced audit policy configuration and special considerations that apply to various tasks associated with auditing enhancements.
- Planning and Deploying Advanced Security Audit Policies
This document explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes computers running Windows 7 or Windows Server 2008 R2.
- Security Audit Policy Reference
This reference provides information about the auditing settings available in Windows Server 2008 R2 and Windows 7 and the audit events that they generate.
This page provides syntax and examples for using the Auditpol command-line tool, which can be used to display information about and performs functions to manipulate audit policies.
- Security audit events for Windows Server 2008 and Windows Vista
- Security Monitoring and Attack Detection Planning Guide
This guide describes how to plan a security monitoring system on Windows-based networks.
- How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 domain
This article describes how to use Group Policy to configure security auditing settings for Windows Vista-based or Windows Server 2008-based computers in a Windows Server 2003 domain or in a Windows 2000 domain. Windows Vista and Windows Server 2008 let you manage audit policies at a more detailed level by using audit policy subcategories. This article describes a procedure that administrators can use to deploy a custom audit policy that applies detailed security auditing settings for computers that are running Windows Vista or Windows Server 2008.