NOTE: Perform this procedure only if the account selected for data collection is not a member of the Domain Admins group.
This permission should be assigned on each domain controller in the audited domain, so if your domain contains multiple domain controllers, you may prefer assigning permissions through Group Policy.
On your target server, open Registry Editor: navigate to Start → Run and type "regedit".
In the left pane, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\EventLog\Security.
- Right-click the Security node and select Permissions from the pop-up menu.
Click Add and enter the name of the user that you want to grant permissions to.
Check Allow next to the Read permission.
NOTE: For auditing Logon Activity, you also need to assign the Read permission to the HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv registry key.