Windows Server TechCenter > Internet Information Services (IIS) 6.0 Technical Library > IIS 6.0 Operations Guide > Security in IIS 6.0

Auditing in IIS 6.0

Updated: August 22, 2005

You can use security auditing techniques to track the activities of users and to detect unauthorized attempts to access your NTFS file system directories and files. Activities that you can audit include the following:

•	User attempts to log on, both successful and unsuccessful.
•	User attempts to access restricted accounts.
•	User attempts to execute restricted commands.

Note:

In IIS 6.0, successful account logons, including every impersonation of the anonymous account, are audited by default. If your server is hosting busy Web sites, this can cause the security event log to fill quickly with entries. To disable auditing of successful logons in the security event log, see "Auditing security events" in Help and Support Center for Windows Server 2003.

Related Information

•	For information about how to log user Web site and FTP site activity, see Logging Site Activity.
•	For information about how to control access to your Web site and FTP site, see Access Control with IIS 6.0.