By default, auditing of all user rights is not enabled
regardless of the settings in the audit policy. Therefore, if a user has the
right to back up files, that user can access any file on the system; this would
not be captured by auditing. To audit the use of such rights, apply following.
Caution: because of the Bypass Traverse Checking
right, this will fill the audit log FAST.