Windows NT auditing features can record events to show which users access which objects, what type of access is being attempted, and whether or not the access attempt was successful. You can view audited security events through Event Viewer by selecting Security from the Log menu. (For complete information about how to use Event Viewer, see the chapter on Event Viewer in either the Microsoft Windows NT System Guide or the Microsoft Windows NT Advanced Server System Guide.)
You can see detailed information about a particular audited event in the security log by double-clicking on that event.
To set up auditing on your computer, use the Auditing and Security options in the User Manager, File Manager, Print Manager, and other tools. From these tools, you can specify the types of auditing events you want to include in the security log. For more information about setting auditing options within these tools, see the Windows NT documentation.
Note While Event Viewer is adequate for most requirements, the security model is defined so that developers can write their own custom security event viewer/monitor. For details on Windows NT security-related APIs, see the Microsoft Win32 Software Development Kit.