The need to track actions which occur in today's computing environment is not only an interest for most customers, it is a requirement. Windows Server 2008 offers rich capabilities for generating, capturing and analyzing audited events. This topic is a cornerstone of system security and goes well beyond the simple configuring of audit policy. This session discusses the Windows auditing subsystem, why auditing is important and how to configure an audit policy and collection mechanism that addresses compliance within your customer. Detailed walk-throughs are provided on the processes behind developing an auditing framework - including audit policy settings, SACL definition, audit triggers and collection using Windows Server 2008 and Audit Collection Services based upon practical customer examples. Gain an understanding of the core auditing capabilities available within the Windows platform; methodologies for converting customer requirements into a functional, manageable and compliant auditing model; and the tools used for audit collection and analysis, including Audit Collection Services and the updated Windows Server 2008 event subsystem.