Audit Policies
Auditing security events and then placing entries in the computers security log can track selected activities of users. Use the audit policy to determine the types of security events that are logged.
Because the security log is limited in size, choose to log only those events necessary. The maximum size of the computer's security log is defined in Event Viewer.
Entries in a security log can be reviewed using Windows Event Viewer.