I just upgraded a server to Windows 2000, and I want to audit an executable file on it to see when it is used and by whom. I activated object auditing in Local Security Policy, and I activated auditing on the file for the Everybody group, but it's not really working it seems like. Security events have been logged to the Event Viewer, but they're all about the SAM (the network is NT4). What am I doing wrong?