How can I enable auditing of base objects?

To enable auditing of base objects perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. From the Edit menu select New - DWORD value. Enter a name of AuditBaseObjects. click OK
  4. Double click the new value and set to 1

You can also turn on full privilege auditing (but this will fill your event log):

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. From the Edit menu select New - DWORD value. Enter a name of FullPrivilegeAuditing. click OK
  4. Double click the new value and set to 1

Security SoftWare Center - http//www.1securitycenter.com