WHat does windows event log track?

I'd like to track system activity for help desk support.  I would be interested to see if a user is downloading files from the internet, installing/uninstalling programs or turning off/adjusting security settings.  Does Windows event log track this data?  If so, how long is it kept, does it track by user id if there are more than 1 users per machine and what versions of Windows OS have it?

Thanks.
vsllcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

johnb6767Commented:
Windows & Active Directory Auditing
http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html

You can read about what you can audit here.....

Some of the things you mentioned though, arent possible with simple auditing, you would need some sort of web content software, or a proxy, to track what people do online.....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
martin_babarikCommented:
Your question deserves longer explanation.
For some of the things you need to track you will need 3rd party applications, like proxy server (to control web traffic).
Most of the things can be audited on either domain or local computer level. Most of the auditing settings you will find when you type Start -> Run -> gpedit.msc
Expand Computer configuration / Windows settings / Security settings / Local policies / Audit policy.
Be careful what you enable/disable....you don't need to know literally everything. It depends on what kind of computer it is...domain controller should have definnetly more detailed auditing than some unimportant workstation.
Also be careful about managing the log files. If you audit TOO MUCH, your events might be unwantedly rewriten.
0
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.