Activity 11.2: Auditing a Web Site | MCSE Training Kit (Exam 70-226): Designing Highly Available Web Solutions with Microsoft Windows 2000 Server Technologies (MCSE Training Kits)

You’re a network administrator at Litware, Inc. You’ve implemented a Web site and you want to audit the site to ensure its security. You want to keep your logs as small as possible, so you decide to log only the date, time, client IP address, username, bytes sent, and bytes received.

Which method should you use to audit the Web site?
What tool can you use to view the logs?
You decide to audit a specific subdirectory in the Wwwroot directory. You open the properties for that subdirectory and configure auditing so that all successful and failed attempts at access generate an event. You log on to the Web site with a test user account and access the subdirectory and open several files. You then use Event Viewer to check the Security log. However, no events appear in the log.
Why haven’t the events been recorded in the Security log?
After you configure the necessary policies, you log on to the Web site with a test user account and access the subdirectory and open several files. You then log on with another test account and try to access the directory; however, access is denied. When you view the Security log, you discover that successful events appear, but no failed attempts appear.
Why haven’t failed events been recorded in the Security log?