Check or Attack Name: Privilege Audit

Privilege Auditing is not enabled. Privilege auditing records when any user rights (such as the right to backup and restore files) are granted to a user or process. These events appear in the Event Viewer Security Log.

Enable Use of User Rights auditing.

To enable auditing, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the account from the list.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Enable Use of User Rights auditing on Success and Failure.