Generate security audits

Information

Generate security audits

This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service if the Audit: Shut down system immediately if unable to log security audits security policy setting is enabled. For more information see Audit: Shut down system immediately if unable to log security audits

Default: Local Service
Network Service.

Solution

Policy Path: Local Policies\User Rights Assignment
Policy Name: Generate security audits

See Also

https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b), CSCv6|16

Plugin: Windows

Control ID: a612d7fb39c163346056ab8d0c7df5e2719c0ee94bea3263263d8008392db0c3