Auditing of Privilege Use: Sensitive Privilege Use events on failure should be enabled or disabled as appropriate.
This policy setting determines whether the operating system generates audit events when sensitive privileges (user rights) are used. Actions that can be audited include: A privileged service is called. * One of the following privileges is called: * Act as part of the operating system ...