Auditing on a per-user basis

by Mitch Tulloch [Published on 1 March 2006 / Last Updated on 1 March 2006]

How to configure per-user auditing.

Windows Server 2003 Service Pack 1 lets you do something you couldn't do on previous platforms, namely configure audit settings on a per-user basis. This new feature is called "Per-User Selective Audit" and was actually present in Windows Server 2003 RTM but by mistake the command-line tool auditusr.exe wasn't included for that platform.

Per-user auditing can be used for example when you want to audit only logon/logoff events for all users, while for one particular user you are suspicious about you want to audit *all* audit settings. In other words, it's a good tool for drilling in on suspicious activity on your network.

To configure per-user auditing you use the auditusr.exe tool, and to find out how to do this, open a command prompt window and type auditusr /? for instructions.

Featured Links