Auditing on a per-user basis

by Mitch Tulloch [Published on 1 March 2006 / Last Updated on 1 March 2006]

How to configure per-user auditing.

Windows Server 2003 Service Pack 1 lets you do something you couldn't do on previous platforms, namely configure audit settings on a per-user basis. This new feature is called "Per-User Selective Audit" and was actually present in Windows Server 2003 RTM but by mistake the command-line tool auditusr.exe wasn't included for that platform.

Per-user auditing can be used for example when you want to audit only logon/logoff events for all users, while for one particular user you are suspicious about you want to audit *all* audit settings. In other words, it's a good tool for drilling in on suspicious activity on your network.

To configure per-user auditing you use the auditusr.exe tool, and to find out how to do this, open a command prompt window and type auditusr /? for instructions.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see .

Latest Contributions

Featured Links