In other cases, however, it's the user who's at fault. This can involve constantly forgetting or using the wrong password, incorrectly typing the account name, attempting logon at prohibited times, or even trying to access resources for which he or she has no permissions.
Whichever type of user you're dealing with, auditing the user can help you identify problem sources and develop a long-term solution—even if the solution is training or eventual termination.
Which types of events you audit for a given user depends on the problem area. For example, if a user is having trouble logging in or attempts to log in during unauthorized hours, you should audit account logon. Track object access to determine when a user attempts to access a resource such as a folder or file. Audit other events as appropriate according to the problems the user is having.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!