Not a real easy task unless you have auditing turned on already... Easiest way, for a win2K AD environment, is to go to the OU that every "server" (i.e., any machine that the user may access remotely, even if it is just a workstation with a shared printer) is in, and turn on auditing. Then, for all the files that the user may potentially access, you must go to the file level (root folders are OK) and turn on auditing for that user account on that object. You may be better off doing this a different way. I can think of two: 1. Screen/keyboard capture utility. 2. Sniffer on the wire between him and the nearest switch, with a filter for his MAC. But those don't really answer the question... those two will capture everything that a COMPUTER does on the network, but if the user switches computers, the auditing does not follow. So I guess, to really answer correctly, we need more info on the environment and the possible data that you are hoping to acquire. HTH. HAND, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Justin Martin [mailto:jmartin@xxxxxxxxxx] Sent: Monday, December 08, 2003 9:38 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Auditing I need to watch everything that one network user is doing. What is the best way to audit everything that this user is touching on the network? Thanks Justin