In order to track security related events, auditing must be enabled on the system to be monitored. To enabled auditing on Windows 2000 systems, open Control Panel, select Administrative Tools, Local Security Policy, and then Audit Policy.

In the right window pane on the dialog, double-click each policy to ensure it reflects your preference in tracking. Select the Success item to write an event log entry upon successful events, and select Fail to write an event log entry upon failed events