I noticed back in April of 07 in our Event Viewer in the Security log a new category named Detailed Tracking, and I am curious what update create that and when that category started. Thank you, Mike

Hi Mike, With the Detailed Tracking category (sometimes called Process Tracking), Windows gives you the ability to track programs executed on the system and to link those process events to logon sessions reported by Logon/Logoff events and to file access events generated by the Object Access category. For instance, you can use Detailed Tracking events to determine that Joe opened Excel. By linking Detailed Tracking events to Logon/Logoff events, you can further show that Joe opened Excel during a remote desktop logon; by linking Detailed Tracking events to Object Access events, you can document that Joe used Excel to open and modify c:\files\payroll.xls. Detailed Tracking also provides event IDs for monitoring the installation and removal of services and the maintenance of scheduled tasks. To log these events you must either enable this entire category using the Audit process tracking events policy or you can enable any of the subcategories below using the auditpol command. Hope it helps. Tim Quan - MSFT