Auditing on a per-user basis

Windows Server 2003 Service Pack 1 lets you do something you couldn’t do on previous platforms, namely configure audit settings on a per-user basis. This new feature is called “Per-User Selective Audit” and was actually present in Windows Server 2003 RTM but by mistake the command-line tool auditusr.exe wasn’t included for that platform.

Per-user auditing can be used for example when you want to audit only logon/logoff events for all users, while for one particular user you are suspicious about you want to audit *all* audit settings. In other words, it’s a good tool for drilling in on suspicious activity on your network.

To configure per-user auditing you use the auditusr.exe tool, and to find out how to do this, open a command prompt window and type auditusr /? for instructions.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top