Audit: Audit the use of Backup and Restore privilege
Applies To: Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista
This security policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy setting is in effect. Enabling this policy setting when the Audit privilege use policy setting is also enabled generates an audit event for every file that is backed up or restored.
If you disable this policy setting, then use of the Backup or Restore privilege is not audited even when Audit privilege use is enabled.
In versions of Windows earlier than Windows Vista, if you configure this security setting, changes will not take effect until you restart Windows. Enabling this setting can generate a large number of events, sometimes hundreds per second, during a backup operation.