Activate Auditing for an Authorization Store
Applies To: Windows Server 2008
Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.
To control which Authorization Manager actions or activities are audited, use the following procedure.
You must be assigned to the Authorization Manager Administrator user role to complete this procedure. By default, Administrators is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.
Activate auditing for an authorization store
If necessary, open Authorization Manager.
In the console tree, right-click the authorization store that you want to audit, and then click Properties.
In the Properties dialog box, click the Auditing tab, and then do one or both of the following:
To audit runtime application initialization, select the Runtime application initialization auditing check box.
To audit authorization store changes, select the Authorization store change auditing check box.
To perform this procedure, you need to have access to an authorization store. By default, members of the Administrators group have the required access, but Authorization manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.
To audit an authorization store, you must have specific privileges and security settings. For more information, see Related Topics.