We want to have the security event viewer log when a user is denied access to a particular folder. For instance we are required to log when unauthorized users try to access the security event viewer log. We also have to log when a user tries to access certain directories they are not allowed to on the server. We have successfully locked them out of this access but a DoD requirement states that we have to log when they even try to access that folder or event viewer. Any ideas on how to do this, especially via group policy? We're in Windows Server 2008. I need this ASAP before our audit this week.