Generate security audits This policy setting determines which users or processes can generate audit records in the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.

[list of users followed by comma]

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment!Generate security audits (2) WMI: root sopcomputer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeAuditPrivilege' and precedence=1