Protect Your Security Logs
Tip on how to protect your Security logs.
What's the best way to protect your servers against a rogue admin using a tool like Winzapper to cover their tracks? Regularly archive the Security logs on all your servers to a secure location that only you have access to. You might try robocopy.exe and schtasks.exe as a simple solution for this, or you can use one of the integrated log monitors available from third-party vendors, or you can wait for Microsoft's Audit Collection Services (ACS) to be released soon.