Auditing of Privilege Use: Non Sensitive Privilege Use events on failure should be enabled or disabled as appropriate. Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. The following privileges are non-sensitive: * Access Credential Manager as a trusted caller * Access this computer from the network * Add workstations to domain * Adjust memory quotas for a process * Allow log on locally * Allow log on through Terminal Services * Bypass traverse checking * Change the system time * Create a page file * Create global objects * Create permanent shared objects * Create symbolic links * Deny access to this computer from the network * Deny log on as a batch job * Deny log on as a service * Deny log on locally * Deny log on through Terminal Services * Force shutdown from a remote system * Increase a process working set * Increase scheduling priority * Lock pages in memory * Log on as a batch job * Log on as a service * Modify an object label * Perform volume maintenance tasks * Profile single process * Profile system performance * Remove computer from docking station * Shut down the system * Synchronize directory service data. If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO