Submit a ticketCall us

AnnouncementsWeb Help Desk Integrations eCourse

Looking to reduce response times? Sign up for our eCourse to learn how integrating Web Help Desk with Dameware Remote Support, Network Configuration Manager, Network Performance Monitor, and Server & Application Monitor can improve communication efficiencies.

Register here.

Home > Success Center > Log & Event Manager (LEM) > Reduce event noise from service account auditing

Reduce event noise from service account auditing

Table of contents

Updated April 4, 2017


This article describes how to reduce auditing on certain Windows accounts so as to avoid logging audit events for the account. 


  • All LEM versions
  • Windows


The auditpol command can be used to exclude Windows accounts from logging and avoid events related to the account from being generated. See the following Microsoft articles for additional reference:

(© 2017 Microsoft, available at, obtained on April 3, 2017.)

Depending on the Windows version, the commands to disable all auditing on a user account may look like the following:

auditpol /set /user:DomainName\ServiceAccountUser /exclude /category:*

auditpol /set /user:LocalServiceAccountUser /exclude /category:*


Note: Different versions of Windows have different formats for the auditpol command. 


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.


Last modified