NOTE: Perform this procedure only if the account selected for data collection is not a member of the Domain Admins group. This procedure must be performed on each domain controller in the audited domain. If your domain contains multiple domain controllers, you may prefer a different method, for example assigning permissions through Group Policy.
On your target server, open Registry Editor: navigate to Start → Run and type "regedit".
In the left pane, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\EventLog\Security.
- Right-click the Security node and select Permissions from the pop-up menu.
Click Add and enter the name of the user that you want to grant permissions to.
Check Allow next to the Read permission.
NOTE: For auditing Logon Activity, you also need to assign the Read permission to the HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv registry key.