Configure Non-Administrative Account to Collect Logon Activity
This section contains instructions on how to configure an account to collect Logon Activity with minimum rights assignment. The instructions below apply only if you are going create a monitoring plan with disabled network traffic compression and do not want to adjust audit settings automatically. Do the following:
Before creating an account, grant the Read permission on the SECURITY registry key
(HKEY_LOCAL_MACHINE\SECURITY) for an admin account under which you will make changes in Group Policy.
Do the following:
Create a domain user with the following privileges:
- Back up files and directories. See Configuring 'Back up Files and Directories' Policy for more information.
Log on as a batch job. See Define Log On As a Batch Job Policy for more information.
Manage auditing and security log. See Configuring 'Manage Auditing and Security Log' Policy for more information.
Grant the Read permission on the following registry keys to this user:
Refer to Assigning Permission To Read the Registry Key for detailed instructions on how to do it using Registry Editor.