Those are great articles, thanks. Since I only need to audit a handful of employees ( everyone else would be using the GUI front end or it would be an automated process loading data ) I'd rather not deal with log files or an additional database on the production hardware.

I think you can get pretty granular with profiler as far as only logging transactions by a named group of people or "anything except application A or application B". I still need to find out if this is for some legal requirement where the ability to stop the trace by a production support developer ( those guys are given sysadmin rights against my wishes ) would totally void the audit approach.

I think I've only run profiler from management studio where obviously if the workstation or server I'm remoted into is restarted the trace stops. I'll have to see how to have the trace run ( server side? ) in a way that only ( sysadmins? ) can stop it. My guess is it would satisfy the audit requirement to identify data changes if only 3 or 4 people could stop the trace.

Otherwise I'm guessing it would have to be something purchased specifically for this purpose that is virtually fullproof.