You’re a network administrator at Litware, Inc. You’ve implemented a Web site and you want to audit the site to ensure its security. You want to keep your logs as small as possible, so you decide to log only the date, time, client IP address, username, bytes sent, and bytes received.
You decide to audit a specific subdirectory in the Wwwroot directory. You open the properties for that subdirectory and configure auditing so that all successful and failed attempts at access generate an event. You log on to the Web site with a test user account and access the subdirectory and open several files. You then use Event Viewer to check the Security log. However, no events appear in the log.
After you configure the necessary policies, you log on to the Web site with a test user account and access the subdirectory and open several files. You then log on with another test account and try to access the directory; however, access is denied. When you view the Security log, you discover that successful events appear, but no failed attempts appear.