Hi,I already turn on all the security policy-audit policy on my server 2003,it should be can record the user's activities in the pc right?Now I would like to track back a user's activities in a pc, i open the event viewer-security on the pc, it show me few hundred thousand events :-( , I randomly checked some events but I found all the event didn't list out what files had been view/open, created, saved or copied to external harddisk/usb and burned to cd/dvd.Recently tracking a folder(600mb) in a pc, it is possible to track the folder had been burned to cd/dvd and copied to external harddisk/usb with the security events records?Anyone can help or give me some idea?Thank you.

The following article can help you configure security auditing on a computer running Windows Server 2003: http://support.microsoft.com/kb/325898In particular, note the section titled "How to apply or modify auditing policy settings for a local file or folder"Note that security auditing in Windows Server 2003 likely will not allow you to capture the level of detail that you are describing. The following document provides additional information about the audit policy settings that you are interested in and the events that they log: http://technet.microsoft.com/en-us/library/dd772623(WS.10).aspx . In particular, I recommend the overview, and sections on: Audit Policy Settings Under Local Policies\Audit PolicyAudit Policy Settings Under Local Policies\Security OptionsI hope this helps.