Admin Tip #298: AuditPol sets audit policies from the command line
AuditPol [\\computer] [/enable | /disable] [/help | /?] [/Category:Option] ...

    /Enable  = Enable audit (default).
    /Disable = Disable audit.

    Category = System    : System events
               Logon     : Logon/Logoff events
               Object    : Object access
               Privilege : Use of privileges
               Process   : Process tracking
               Policy    : Security policy changes
               Sam       : SAM changes
               Directory : Directory access
               Account   : Account logon events

    Option   = Success   : Audit success events
               Failure   : Audit failure events
               All       : Audit success and failure events
               None      : Do not audit these events

Samples are as follows:

    AUDITPOL \\MyComputer
    AUDITPOL \\MyComputer /enable /system:all /object:failure
    AUDITPOL \\MyComputer /disable
    AUDITPOL /logon:failure /system:all /sam:success /privilege:none
If you save your scripts, any audit changes you implement with this tool are self-documented.
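Because saved scripts are the record of every audit change, they can be reviewed mechanically. The following is an added example, not part of the original tip or of AuditPol itself: a Python check that reads saved AuditPol command lines, validates them against the categories and options in the usage text above, and reports unrecognized arguments and any change that turns auditing off. The function names are hypothetical, and it assumes keywords are matched case-insensitively.

```python
# Keywords exactly as listed in the AuditPol usage text on this page.
CATEGORIES = {"system", "logon", "object", "privilege", "process",
              "policy", "sam", "directory", "account"}
OPTIONS = {"success", "failure", "all", "none"}
SWITCHES = {"enable", "disable", "help", "?"}

def parse_auditpol(line):
    """Parse one saved AuditPol command line into its parts."""
    result = {"computer": None, "switches": [], "settings": {}, "errors": []}
    tokens = line.split()
    if not tokens or tokens[0].lower() not in ("auditpol", "auditpol.exe"):
        result["errors"].append("not an AuditPol command")
        return result
    for tok in tokens[1:]:
        name, sep, option = tok[1:].lower().partition(":")
        if tok.startswith("\\\\"):                 # \\computer target
            result["computer"] = tok[2:]
        elif tok.startswith("/") and not sep and name in SWITCHES:
            result["switches"].append(name)
        elif (tok.startswith("/") and sep
              and name in CATEGORIES and option in OPTIONS):
            result["settings"][name] = option      # /Category:Option
        else:
            result["errors"].append("unrecognized argument: " + tok)
    return result

def review(line):
    """Return findings: syntax errors plus changes that reduce auditing."""
    parsed = parse_auditpol(line)
    findings = list(parsed["errors"])
    target = parsed["computer"] or "local computer"
    if "disable" in parsed["switches"]:
        findings.append("auditing disabled on " + target)
    for category, option in sorted(parsed["settings"].items()):
        if option == "none":
            findings.append(category + " auditing turned off on " + target)
    return findings

# The four samples from this page, plus one constructed line with a typo.
SAMPLES = [
    r"AUDITPOL \\MyComputer",
    r"AUDITPOL \\MyComputer /enable /system:all /object:failure",
    r"AUDITPOL \\MyComputer /disable",
    "AUDITPOL /logon:failure /system:all /sam:success /privilege:none",
    "AUDITPOL /logon:sucess",                      # constructed: misspelled option
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review(sample) or "no findings")
```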