Enhanced security event tracking
Are there any improvements in the ability to track important security events in Longhorn server? Specifically, it's currently non-trivial to track GPO changes and directory object movements.
June 2nd, 2006 11:45pm
Hi,
If you look at the Default DC GPO in LH, you will see that nothing is defined. Reason for this is that audit policies are defined on each DC.
Yes, auditing has changed in LH. You may know the GPO settings as the audit policies in W2K/W2K3. In LH these are still audit policies, however the name has changed slightly. They are called "Global Audit Policies". Each global audit policy has subcategories. The individual subcategories cannot be configured through the GUI (or a GPO). Each individual subcategory can be configured through a command line utility called AUDITPOL (not sure if this is going to change). Enabling a global audit policy enables ALL subcategories.
Looking at the global audit policy called "DS Access" only the subcategory called "Directory Service Access" is enabled by default. The other subcategories are not defined. It is true that the subcategory called "Directory Service Changes" will audit old and new values. If the values are stored in binary form you will see <binary> and not the previous and new value.
When upgrading from W2K/W2K3 you might wanna look at auditing, because the default auditing configuration of W2K/W2K3 in GPOs will affect LH as it will enable more subcategories. Setting the global audit policies, prior to the introduction of the LH DCs, to "Not Defined" (NOT "No Auditing") does not impact auditing on W2K/W2K3 DCs as the setting is already stored (tattoo-ed) on the local DC.
cheers
November 10th, 2006 2:19am
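
The AUDITPOL usage described in the answer above, as an added example that is not part of the original thread: a PowerShell script that lists the "DS Access" subcategories on a DC and turns on success auditing for "Directory Service Changes" only if it is off. It assumes an elevated prompt and English subcategory names; the helper name Get-AuditSubcategory is hypothetical.

```powershell
# Added example (not from the thread). Assumes: elevated prompt on the DC,
# English subcategory names. Get-AuditSubcategory is a hypothetical helper.
$category    = 'DS Access'
$subcategory = 'Directory Service Changes'

function Get-AuditSubcategory {
    param([Parameter(Mandatory)][string]$Category)
    # /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting.
    $csv = auditpol /get /category:"$Category" /r
    if ($LASTEXITCODE -ne 0) { throw "auditpol /get failed (exit $LASTEXITCODE)" }
    $csv | Where-Object { $_.Trim() } | ConvertFrom-Csv |
        Select-Object @{ n = 'Subcategory'; e = { $_.Subcategory.Trim() } },
                      @{ n = 'Setting';     e = { $_.'Inclusion Setting' } }
}

# 1. Show how every subcategory of the category is set right now. After an
#    upgrade this reveals whether an old category-level setting enabled them all.
$state = Get-AuditSubcategory -Category $category
$state | Format-Table -AutoSize

# 2. Enable success auditing for the single subcategory if it is not already on
#    ("Success" and "Success and Failure" both count as on).
$row = $state | Where-Object { $_.Subcategory -eq $subcategory }
if (-not $row) { throw "Subcategory '$subcategory' not found under '$category'" }

if ($row.Setting -notmatch 'Success') {
    auditpol /set /subcategory:"$subcategory" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed (exit $LASTEXITCODE)" }
}

# 3. Re-read the policy to confirm the change took effect.
Get-AuditSubcategory -Category $category |
    Where-Object { $_.Subcategory -eq $subcategory } |
    Format-Table -AutoSize
```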


