This policy setting determines which users or processes can generate audit records in the Security log. Countermeasure: Ensure that only the Service and Network Service accounts have the Generate security audits user right assigned to them. Potential Impact: None. This is the default configuration.

[list_of_users_followed_by_comma]

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Generate security audits (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeAuditPrivilege' and precedence=1