This policy setting determines which users or processes can generate audit records in the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. This policy setting determines which users or processes can generate audit records in the Security log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Generate security audits (2) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight=SeAuditPrivilege and precedence=1