For Windows Server Auditing

Before you start creating a monitoring plan to audit your Windows servers (including DNS and DHCP servers), plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard (or in the monitored item settings).

Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.

On the target servers:

  1. The Manage auditing and security log policy must be defined for this account. See Configuring 'Manage Auditing and Security Log' Policy
  2. This account must be a member of the local Administrators group.