Microsoft Knowledge Base Article 325898 contains the following summary:
This article describes how to set up and manage
operation-based auditing in Windows Server 2003 Enterprise Edition.
use operation-based auditing,
you can audit operations on files and folders.
This means that you can audit certain operations (for example,
operations) and audit access to objects.
Operation-based auditing is set up
when you turn on object access auditing on a file or folder.
events and operations such as Write operations are
recorded in the security
Operation-based audits are categorized as object audits, and they are logged as an event ID 567 in the security log. These audits are generated the first time an operation is performed. You can set up only files and folders to generate operation audits.