This paper will describe the Windows 2000 authentication process, and how to collect and use the security events created in the authentication process in order to audit your system. This is mainly a practical validation of the information collected from several publications about Windows 2000...